| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Microsoft Guard und mehr?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
03.07.2011, 11:29
| #1 |
 |  Microsoft Guard und mehr? Hallo liebe Trojaner Freunde, mein Sohn hat sich auf einem Windows 7 Rechner (aktuellster Update Stand) den Microsoft Guard Virus eingefangen, und dieser verhindert aktuell quasi sämtliche Zugriffe. Ich sitze also gerade mit meinem Läppi neben dem infizierten Rechner und versuche die Step by Step Anleitungen von euch umzusetzen. Avira hat nach heutigem Update den Virus erkannt und in den Container geschoben, ich will aber sicher gehen, das alles sauber ist. Hier nun die Log Files Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:02 on 03/07/2011 (Mustermann)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 03.07.2011 12:12:57 - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Mustermann\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 68,68% Memory free 7,99 Gb Paging File | 6,63 Gb Available in Paging File | 82,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 361,25 Gb Free Space | 77,58% Space Free | Partition Type: NTFS Drive E: | 3,77 Gb Total Space | 3,76 Gb Free Space | 99,98% Space Free | Partition Type: FAT32 Computer Name: Mustermann-PC | User Name: Mustermann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.03 12:08:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.25 16:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) -- C:\PROGRA~2\Bandoo\Bandoo.exe PRC - [2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.04.29 01:24:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.04.27 14:05:43 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.16 20:02:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.11.30 19:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.29 14:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2010.10.13 16:21:08 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2010.09.02 11:57:52 | 002,181,744 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe PRC - [2010.08.08 23:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.10.23 21:24:54 | 001,085,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe PRC - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.10.15 15:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009.10.01 14:44:44 | 001,748,992 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe PRC - [2009.07.10 12:23:54 | 000,036,864 | R--- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe ========== Modules (SafeList) ========== MOD - [2011.07.03 12:08:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2010.10.13 16:20:52 | 000,023,864 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll MOD - [2006.07.11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\SweetIM\Messenger\MSVCR71.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.25 16:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\PROGRA~2\Bandoo\Bandoo.exe -- (Bandoo Coordinator) SRV - [2011.04.27 14:05:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.16 20:02:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.08.08 23:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.08.10 22:34:50 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.07.10 12:23:54 | 000,036,864 | R--- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.02.29 03:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.05.19 18:57:42 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.05.19 18:42:12 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.30 19:13:02 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.11.30 19:13:02 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.11.25 07:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.06 09:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.07.20 12:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2010.07.20 12:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2010.07.20 12:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.06.22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.04.27 12:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.10.21 13:01:34 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111v2w7x.sys -- (WN111v2) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.10.01 17:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV:64bit: - [2006.11.28 22:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64) DRV:64bit: - [2006.11.28 22:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64) DRV - [2010.12.23 16:42:55 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\WNt500x64\sandra.sys -- (SANDRA) DRV - [2008.10.01 17:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV - [2007.03.16 11:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6ce17de700000000000036469a08ddb1&tlver=1.4.19.19&ss=1&affID=17395 IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 0C 34 19 B3 A2 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406" FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=" FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.27 23:20:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.01.16 14:01:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.05.30 18:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions [2011.01.16 13:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.06.27 23:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions [2011.05.04 16:50:52 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2011.06.27 23:20:36 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2011.06.04 18:19:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.21 16:29:56 | 000,000,927 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\conduit.xml [2011.03.23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\SearchquWebSearch.xml [2011.05.30 18:39:24 | 000,003,915 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\sweetim.xml [2011.06.27 23:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.04.09 14:23:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.05.19 09:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.06 15:28:40 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchquWebSearch.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - File not found O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BabylonToolbar] File not found O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [DATAMNGR] File not found O4 - HKLM..\Run: [jswtrayutil] File not found O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - Startup: C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mustermann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mustermann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\datamngr.dll) - File not found O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\iebho.dll) - File not found O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\progra~2\bandoo\bndhook.dll (Discordia Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O27:64bit: - HKLM IFEO\afwserv.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\avastsvc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\avastui.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\egui.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\ekrn.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\msascui.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\msmpeng.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\msseces.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\afwserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avastsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avastui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\egui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ekrn.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msascui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msmpeng.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msseces.exe: Debugger - svchost.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.03 12:11:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe [2011.06.26 18:12:59 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\TempFiles [2011.06.26 18:12:59 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\My Videos [2011.06.26 18:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2011.06.26 18:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec [2011.06.26 18:12:29 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\SelfMV [2011.06.26 18:08:20 | 000,000,000 | ---D | C] -- C:\Temp [2011.06.26 18:05:47 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Samsung [2011.06.26 18:04:48 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2011.06.26 18:04:45 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [2011.06.26 18:02:45 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Downloaded Installations [2011.06.26 18:00:00 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Samsung [2011.06.26 17:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2011.06.26 17:58:07 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys [2011.06.26 17:58:07 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys [2011.06.26 17:58:07 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys [2011.06.26 17:58:07 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys [2011.06.26 17:58:07 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys [2011.06.26 17:58:07 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys [2011.06.26 17:58:07 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys [2011.06.26 17:57:22 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe [2011.06.26 17:57:22 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys [2011.06.26 17:57:22 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys [2011.06.26 17:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2011.06.26 17:53:46 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Samsung [2011.06.26 17:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny [2011.06.26 17:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2011.06.26 17:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2011.06.26 17:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung [2011.06.23 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\rtgs [2011.06.22 21:08:54 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\vlc [2011.06.22 21:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.06.22 21:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2011.06.22 20:50:53 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Warehouse.13.S02 [2011.06.22 20:42:06 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Warehouse.13.S01 [2011.06.22 20:12:18 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Big.Bang.Theory.S03 [2011.06.22 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Big.Bang.Theory.S02 [2011.06.22 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Big.Bang.Theory.S01SD [2011.06.11 17:59:44 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\LEGO Creations [2011.06.11 17:59:44 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\LEGO Company [2011.06.11 17:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company [2011.06.11 17:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company [2011.06.09 17:06:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011.06.09 17:05:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011.06.09 17:02:42 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2011.06.09 17:02:26 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2011.06.04 18:19:50 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\DVDVideoSoftIEHelpers [2011.06.04 18:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Plasmoo [2011.06.04 18:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011.06.04 18:19:45 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\DVDVideoSoft [2011.06.04 18:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2011.06.04 18:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Mustermann\AppData\Local\*.tmp files -> C:\Users\Mustermann\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.03 12:14:13 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.03 12:14:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.03 12:13:53 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.03 12:13:53 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.03 12:13:53 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.03 12:13:53 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.03 12:13:53 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.03 12:12:24 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.03 12:12:24 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.03 12:08:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe [2011.07.03 12:05:06 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.07.03 12:05:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.03 12:04:38 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2011.07.03 12:02:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011.07.03 12:02:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011.07.03 12:01:54 | 000,000,134 | ---- | M] () -- C:\Users\Mustermann\Desktop\Internet Explorer-Problembehebung.url [2011.07.03 12:01:12 | 000,050,477 | ---- | M] () -- C:\Users\Mustermann\Desktop\Defogger.exe [2011.07.03 11:56:56 | 000,000,000 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\{FA24948E-1887-4873-99F7-7035A401D8AA} [2011.06.28 22:11:33 | 000,000,000 | ---- | M] () -- C:\Users\Mustermann\defogger_reenable [2011.06.28 22:02:44 | 001,008,041 | ---- | M] () -- C:\Users\Mustermann\Desktop\rkill.com [2011.06.27 23:20:11 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.06.26 18:08:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.06.26 18:04:58 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.06.26 17:53:41 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2011.06.26 15:08:27 | 000,000,000 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\{A407F8EA-8D80-4B1B-B91B-4D09CAFD0CB3} [2011.06.23 19:12:48 | 018,780,143 | R--- | M] () -- C:\Users\Mustermann\Desktop\3931%20-%20Megaman%20Star%20Force%203-Black%20Ace%20%28U%29.zip [2011.06.22 21:08:50 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.06.17 12:09:33 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.06.08 16:09:08 | 000,013,445 | ---- | M] () -- C:\Users\Mustermann\Documents\ertf.rtf [2011.06.07 14:00:09 | 000,000,207 | ---- | M] () -- C:\Users\Mustermann\Documents\bxc.rtf [2011.06.07 12:01:07 | 000,000,191 | ---- | M] () -- C:\Users\Mustermann\Documents\f.rtf [2011.06.04 18:19:46 | 000,001,398 | ---- | M] () -- C:\Users\Mustermann\Desktop\Free YouTube to MP3 Converter.lnk [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Mustermann\AppData\Local\*.tmp files -> C:\Users\Mustermann\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.03 12:05:48 | 000,001,409 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.07.03 12:05:45 | 000,001,443 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.07.03 12:02:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011.07.03 12:02:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011.07.03 12:02:33 | 000,050,477 | ---- | C] () -- C:\Users\Mustermann\Desktop\Defogger.exe [2011.07.03 12:01:53 | 000,000,134 | ---- | C] () -- C:\Users\Mustermann\Desktop\Internet Explorer-Problembehebung.url [2011.07.03 11:56:56 | 000,000,000 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\{FA24948E-1887-4873-99F7-7035A401D8AA} [2011.06.28 22:12:18 | 001,008,041 | ---- | C] () -- C:\Users\Mustermann\Desktop\rkill.com [2011.06.28 22:11:33 | 000,000,000 | ---- | C] () -- C:\Users\Mustermann\defogger_reenable [2011.06.27 23:20:11 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.06.27 23:20:11 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.06.26 18:08:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.06.26 18:04:58 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.06.26 17:53:41 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp [2011.06.26 15:08:27 | 000,000,000 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\{A407F8EA-8D80-4B1B-B91B-4D09CAFD0CB3} [2011.06.23 19:08:16 | 018,780,143 | R--- | C] () -- C:\Users\Mustermann\Desktop\3931%20-%20Megaman%20Star%20Force%203-Black%20Ace%20%28U%29.zip [2011.06.22 21:08:50 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.06.17 12:09:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.06.17 12:09:33 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.06.09 17:03:28 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2011.06.09 17:02:13 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2011.06.09 17:01:56 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2011.06.09 17:01:56 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2011.06.09 17:01:45 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2011.06.08 15:48:20 | 000,013,445 | ---- | C] () -- C:\Users\Mustermann\Documents\ertf.rtf [2011.06.07 14:00:09 | 000,000,207 | ---- | C] () -- C:\Users\Mustermann\Documents\bxc.rtf [2011.06.07 12:01:07 | 000,000,191 | ---- | C] () -- C:\Users\Mustermann\Documents\f.rtf [2011.06.04 18:19:46 | 000,001,398 | ---- | C] () -- C:\Users\Mustermann\Desktop\Free YouTube to MP3 Converter.lnk [2011.05.30 18:29:58 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll [2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.01.29 16:20:09 | 010,956,800 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.12.25 15:35:32 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2010.12.23 16:24:47 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2010.12.23 15:18:46 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.09.15 08:25:48 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini [2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.08.27 09:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.05.30 18:39:29 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Bandoo [2011.06.04 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\DVDVideoSoftIEHelpers [2011.06.11 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\LEGO Company [2011.04.09 14:24:27 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\OpenOffice.org [2011.06.26 18:04:29 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Samsung [2011.01.16 14:01:20 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Thunderbird [2011.05.19 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\WorldShift [2011.06.10 18:00:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.05.19 18:51:27 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.12.23 15:16:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.12.23 16:41:05 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.05.19 12:26:07 | 000,000,000 | R--D | M] -- C:\Program Files [2011.06.28 20:58:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.06.26 17:53:43 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.12.23 15:16:00 | 000,000,000 | -HSD | M] -- C:\Programme [2010.12.23 15:16:00 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.07.03 12:13:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.06.26 18:26:47 | 000,000,000 | ---D | M] -- C:\Temp [2011.05.19 18:56:39 | 000,000,000 | R--D | M] -- C:\Users [2011.07.03 12:00:26 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX1\procs\explorer.exe [2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX2\procs\explorer.exe [2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX3\procs\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX1\h\explorer.exe [2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX2\h\explorer.exe [2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX3\h\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX1\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX3\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX3\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 20 bytes -> C:\Users\Mustermann\Desktop\Warehouse.13.S02:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\Mustermann\Desktop\Warehouse.13.S01:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\Mustermann\Desktop\Big.Bang.Theory.S03:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\Mustermann\Desktop\Big.Bang.Theory.S02:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\Mustermann\Desktop\Big.Bang.Theory.S01SD:Mac_Metadata < End of report > Code:
ATTFilter OTL Extras logfile created on: 03.07.2011 12:12:57 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Mustermann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 68,68% Memory free
7,99 Gb Paging File | 6,63 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 361,25 Gb Free Space | 77,58% Space Free | Partition Type: NTFS
Drive E: | 3,77 Gb Total Space | 3,76 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
Computer Name: Mustermann-PC | User Name: Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011c
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.21
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0728.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0525.1
"{C7E9FB5B-626B-49D9-A99C-7BFA63C222D3}" = Railroad Tycoon II - Platinum
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar
"Bandoo" = Bandoo
"conduitEngine" = Conduit Engine
"Drakan - Order of the Flame" = Drakan - Order of the Flame
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"iLivid" = iLivid
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0728.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0525.1
"Might and Magic® VI" = Might and Magic® VI
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Mplayer.com" = Mplayer.com
"MySSID_is1" = EXPERTool 7.13
"New LEGO Digital Designer" = LEGO Digital Designer
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pokémon - Zoroark" = Pokémon - Zoroark Bildschirmschoner
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"ToneDeinstKey" = Leviathan
"VLC media player" = VLC media player 1.1.10
"WorldShift" = WorldShift
"YTdetect" = Yahoo! Detect
"Zanzarah" = Zanzarah - Das verborgene Portal
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.05.2011 12:38:32 | Computer Name = Mustermann-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mustermann\Downloads\SoftonicDownloader_fuer_ideas.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 30.05.2011 13:15:20 | Computer Name = Mustermann-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mustermann\Downloads\SoftonicDownloader_fuer_ideas.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 30.05.2011 13:33:10 | Computer Name = Mustermann-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mustermann\Downloads\SoftonicDownloader_fuer_ideas.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 31.05.2011 09:13:45 | Computer Name = Mustermann-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 2.0.1.4120 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11b4 Startzeit:
01cc1f943da4fafb Endzeit: 38 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
cc782dcf-8b87-11e0-ad02-1c6f655abe0f
Error - 31.05.2011 09:15:46 | Computer Name = Mustermann-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 2.0.1.4120 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10c4 Startzeit:
01cc1f9493ea91a4 Endzeit: 51 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
12a95943-8b88-11e0-ad02-1c6f655abe0f
Error - 31.05.2011 10:00:55 | Computer Name = Mustermann-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 2.0.1.4120 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1148 Startzeit:
01cc1f95037421ce Endzeit: 63 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
64f40e98-8b8e-11e0-ad02-1c6f655abe0f
Error - 31.05.2011 10:36:28 | Computer Name = Mustermann-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 2.0.1.4120 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ee0 Startzeit:
01cc1fa0080b201c Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
5787d34b-8b93-11e0-9bc8-1c6f655abe0f
Error - 09.06.2011 12:08:07 | Computer Name = Mustermann-PC | Source = ESENT | ID = 215
Description = WinMail (3076) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 09.06.2011 12:08:12 | Computer Name = Mustermann-PC | Source = ESENT | ID = 215
Description = WinMail (3308) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 28.06.2011 11:28:27 | Computer Name = Mustermann-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 5.0.0.4183 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 430 Startzeit:
01cc35a77e3fc622 Endzeit: 46 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
3df708a4-a19b-11e0-80ae-1c6f655abe0f
[ System Events ]
Error - 03.07.2011 05:57:28 | Computer Name = Mustermann-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Realtek11nSU" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 03.07.2011 05:57:38 | Computer Name = Mustermann-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Browser Configuration Utility Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 03.07.2011 05:58:16 | Computer Name = Mustermann-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 03.07.2011 05:58:46 | Computer Name = Mustermann-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Bandoo Coordinator" wurde unerwartet beendet. Dies ist bereits
2 Mal passiert.
Error - 03.07.2011 05:58:46 | Computer Name = Mustermann-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 3 Mal passiert.
Error - 03.07.2011 06:00:05 | Computer Name = Mustermann-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira AntiVir Guard" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 03.07.2011 06:00:07 | Computer Name = Mustermann-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira AntiVir Guard" wurde unerwartet beendet. Dies ist
bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 03.07.2011 06:02:00 | Computer Name = Mustermann-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7 für
x64-basierte Systeme
Error - 03.07.2011 06:05:13 | Computer Name = Mustermann-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
Error - 03.07.2011 06:05:13 | Computer Name = Mustermann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
< End of report >
So, ich hoffe, Ihr könnt helfen, ich bin die nächsten Stunden definitiv verfügbar, wenn es fragen gibt. Vorab vielen Dank für Eure Aufmerksamkeit und Hilfe.. Gruß Roperi&Sohn |
|
03.07.2011, 13:48
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Microsoft Guard und mehr?Zitat:
Hast du auch schon Malwarebytes ausgeführt?
__________________ |
|
03.07.2011, 14:46
| #3 |
| | Microsoft Guard und mehr? Hier der gewünschte Avira Log
__________________Code:
ATTFilter
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 3. Juli 2011 12:11
Es wird nach 2870890 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : RITSCHE-PC
Versionsinformationen:
BUILD.DAT : 10.0.0.650 31822 Bytes 17.06.2011 15:21:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 27.04.2011 12:05:43
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.11.2010 17:13:00
LUKE.DLL : 10.0.3.2 104296 Bytes 30.11.2010 17:12:46
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 14:59:32
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 12:55:36
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 17:04:13
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 13:40:33
VBASE005.VDF : 7.11.8.179 2048 Bytes 31.05.2011 13:40:33
VBASE006.VDF : 7.11.8.180 2048 Bytes 31.05.2011 13:40:33
VBASE007.VDF : 7.11.8.181 2048 Bytes 31.05.2011 13:40:33
VBASE008.VDF : 7.11.8.182 2048 Bytes 31.05.2011 13:40:33
VBASE009.VDF : 7.11.8.183 2048 Bytes 31.05.2011 13:40:33
VBASE010.VDF : 7.11.8.184 2048 Bytes 31.05.2011 13:40:34
VBASE011.VDF : 7.11.8.185 2048 Bytes 31.05.2011 13:40:34
VBASE012.VDF : 7.11.8.186 2048 Bytes 31.05.2011 13:40:35
VBASE013.VDF : 7.11.8.222 121856 Bytes 02.06.2011 13:40:36
VBASE014.VDF : 7.11.9.7 134656 Bytes 04.06.2011 11:35:25
VBASE015.VDF : 7.11.9.42 136192 Bytes 06.06.2011 11:35:25
VBASE016.VDF : 7.11.9.72 117248 Bytes 07.06.2011 11:35:25
VBASE017.VDF : 7.11.9.107 130560 Bytes 09.06.2011 11:35:26
VBASE018.VDF : 7.11.9.143 132096 Bytes 10.06.2011 11:35:26
VBASE019.VDF : 7.11.9.172 141824 Bytes 14.06.2011 12:52:20
VBASE020.VDF : 7.11.9.214 144896 Bytes 15.06.2011 12:52:20
VBASE021.VDF : 7.11.9.244 196608 Bytes 16.06.2011 12:52:20
VBASE022.VDF : 7.11.10.28 152576 Bytes 20.06.2011 12:52:20
VBASE023.VDF : 7.11.10.53 210432 Bytes 21.06.2011 13:19:51
VBASE024.VDF : 7.11.10.88 132096 Bytes 24.06.2011 13:19:51
VBASE025.VDF : 7.11.10.112 138752 Bytes 27.06.2011 09:57:44
VBASE026.VDF : 7.11.10.148 162304 Bytes 29.06.2011 09:57:44
VBASE027.VDF : 7.11.10.158 168448 Bytes 29.06.2011 09:57:44
VBASE028.VDF : 7.11.10.188 175616 Bytes 01.07.2011 09:57:44
VBASE029.VDF : 7.11.10.189 2048 Bytes 01.07.2011 09:57:44
VBASE030.VDF : 7.11.10.190 2048 Bytes 01.07.2011 09:57:44
VBASE031.VDF : 7.11.10.199 35840 Bytes 02.07.2011 09:57:44
Engineversion : 8.2.5.34
AEVDF.DLL : 8.1.2.1 106868 Bytes 30.11.2010 17:12:35
AESCRIPT.DLL : 8.1.3.69 1614203 Bytes 03.07.2011 09:57:44
AESCN.DLL : 8.1.7.2 127349 Bytes 30.11.2010 17:12:34
AESBX.DLL : 8.2.1.34 323957 Bytes 02.06.2011 13:41:05
AERDL.DLL : 8.1.9.12 639348 Bytes 03.07.2011 09:57:44
AEPACK.DLL : 8.2.6.9 557429 Bytes 21.06.2011 12:52:20
AEOFFICE.DLL : 8.1.1.25 205178 Bytes 02.06.2011 13:41:05
AEHEUR.DLL : 8.1.2.136 3584376 Bytes 03.07.2011 09:57:44
AEHELP.DLL : 8.1.17.2 246135 Bytes 22.05.2011 10:57:05
AEGEN.DLL : 8.1.5.6 401780 Bytes 22.05.2011 10:57:05
AEEMU.DLL : 8.1.3.0 393589 Bytes 30.11.2010 17:12:29
AECORE.DLL : 8.1.21.1 196983 Bytes 27.05.2011 14:02:39
AEBB.DLL : 8.1.1.0 53618 Bytes 30.11.2010 17:12:29
AVWINLL.DLL : 10.0.0.0 19304 Bytes 30.11.2010 17:12:39
AVPREF.DLL : 10.0.0.0 44904 Bytes 30.11.2010 17:12:38
AVREP.DLL : 10.0.0.10 174120 Bytes 18.05.2011 15:14:29
AVREG.DLL : 10.0.3.2 53096 Bytes 30.11.2010 17:12:38
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 27.04.2011 12:05:43
AVARKT.DLL : 10.0.22.6 231784 Bytes 30.11.2010 17:12:36
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 30.11.2010 17:12:37
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 30.11.2010 17:12:39
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 03.07.2011 09:57:44
RCTEXT.DLL : 10.0.64.0 98664 Bytes 03.07.2011 09:57:44
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4e400944\guard_slideup.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Beginn des Suchlaufs: Sonntag, 3. Juli 2011 12:11
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SweetIM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BCU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WN111v2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBPANEL.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Bandoo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtWlan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtlService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BCUService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Ritsche\AppData\Roaming\Microsoft\jbmifq.exe'
C:\Users\Ritsche\AppData\Roaming\Microsoft\jbmifq.exe
[FUND] Ist das Trojanische Pferd TR/FakeAV.dteo
[HINWEIS] Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell> wurde erfolgreich entfernt.
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b5ae187.qua' verschoben!
Ende des Suchlaufs: Sonntag, 3. Juli 2011 12:11
Benötigte Zeit: 00:02 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
21 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
20 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Die Suchergebnisse werden an den Guard übermittelt.
|
|
03.07.2011, 15:03
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Guard und mehr? Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
03.07.2011, 15:56
| #5 |
| | Microsoft Guard und mehr? Und das nächste Logfilr. Ich habe nach dem Scan noch NICHTS weiter gemacht..... Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 7011
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
03.07.2011 16:54:43
mbam-log-2011-07-03 (16-54-29).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 266639
Laufzeit: 24 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> No action taken.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\Debugger (Security.Hijack) -> Value: Debugger -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger (Security.Hijack) -> Value: Debugger -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
03.07.2011, 16:24
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Guard und mehr?Zitat:
__________________ --> Microsoft Guard und mehr? |
|
03.07.2011, 16:28
| #7 |
| | Microsoft Guard und mehr? Serwutz, entfernt, und hier das neue Log File nach der Entfernung. (Kein neuer Scan) Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 7011
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
03.07.2011 17:26:51
mbam-log-2011-07-03 (17-26-51).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 266639
Laufzeit: 24 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
03.07.2011, 16:32
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Guard und mehr?Zitat:
Deinstalliere bei der Gelegenheit auch alle anderen unnötigen Programme über die Systemsteuerung.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.07.2011, 16:54
| #9 |
| | Microsoft Guard und mehr? Ok, alle Toolbars gelöscht. Welcher Step als nächstes? Bis zu diesem Punkt schon mal Danke für die schnelle und freundliche Hilfe, Ihr macht das wirklich Klasse. LG Roperi&Sohn |
|
03.07.2011, 17:25
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Guard und mehr? Bitte ein frisches OTL-Log erstellen: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.07.2011, 17:41
| #11 |
| | Microsoft Guard und mehr? Your Wish is my command. :-) Code:
ATTFilter OTL logfile created on: 03.07.2011 18:29:39 - Run 2 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Mustermann\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,80% Memory free 7,99 Gb Paging File | 6,49 Gb Available in Paging File | 81,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 361,36 Gb Free Space | 77,60% Space Free | Partition Type: NTFS Computer Name: Mustermann-PC | User Name: Mustermann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.03 15:40:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.07.03 12:08:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.04.29 01:24:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.04.27 14:05:43 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.11.30 19:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.02 11:57:52 | 002,181,744 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe PRC - [2010.08.08 23:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.10.15 15:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009.10.01 14:44:44 | 001,748,992 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe ========== Modules (SafeList) ========== MOD - [2011.07.03 12:08:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2011.07.03 15:40:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.27 14:05:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.08.08 23:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.08.10 22:34:50 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.02.29 03:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.07.03 15:40:08 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.03 15:40:07 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.05.19 18:57:42 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.05.19 18:42:12 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.06 09:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.07.20 12:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2010.07.20 12:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2010.07.20 12:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.06.22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.04.27 12:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.10.21 13:01:34 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111v2w7x.sys -- (WN111v2) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.10.01 17:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV:64bit: - [2006.11.28 22:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64) DRV:64bit: - [2006.11.28 22:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64) DRV - [2010.12.23 16:42:55 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\WNt500x64\sandra.sys -- (SANDRA) DRV - [2008.10.01 17:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV - [2007.03.16 11:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 0C 34 19 B3 A2 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406" FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=" FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.27 23:20:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.01.16 14:01:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.05.30 18:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions [2011.01.16 13:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.06.27 23:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions [2011.05.04 16:50:52 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2011.06.27 23:20:36 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2011.06.04 18:19:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.21 16:29:56 | 000,000,927 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\conduit.xml [2011.03.23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\SearchquWebSearch.xml [2011.05.30 18:39:24 | 000,003,915 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\sweetim.xml [2011.07.03 15:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.04.09 14:23:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.05.19 09:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.03 15:48:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.06 15:28:40 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchquWebSearch.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - File not found O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BabylonToolbar] File not found O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [DATAMNGR] File not found O4 - HKLM..\Run: [jswtrayutil] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - Startup: C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mustermann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mustermann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\datamngr.dll) - File not found O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\iebho.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.03 17:48:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.07.03 16:21:34 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Malwarebytes [2011.07.03 16:21:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.03 16:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.03 16:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.03 16:21:20 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.07.03 16:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.07.03 15:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.07.03 12:11:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe [2011.06.26 18:12:59 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\TempFiles [2011.06.26 18:12:59 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\My Videos [2011.06.26 18:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2011.06.26 18:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec [2011.06.26 18:12:29 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\SelfMV [2011.06.26 18:08:20 | 000,000,000 | ---D | C] -- C:\Temp [2011.06.26 18:05:47 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Samsung [2011.06.26 18:04:48 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2011.06.26 18:04:45 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [2011.06.26 18:02:45 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Downloaded Installations [2011.06.26 18:00:00 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Samsung [2011.06.26 17:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2011.06.26 17:58:07 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys [2011.06.26 17:58:07 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys [2011.06.26 17:58:07 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys [2011.06.26 17:58:07 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys [2011.06.26 17:58:07 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys [2011.06.26 17:58:07 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys [2011.06.26 17:58:07 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys [2011.06.26 17:57:22 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe [2011.06.26 17:57:22 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys [2011.06.26 17:57:22 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys [2011.06.26 17:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2011.06.26 17:53:46 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Samsung [2011.06.26 17:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny [2011.06.26 17:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2011.06.26 17:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2011.06.26 17:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung [2011.06.23 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\rtgs [2011.06.22 21:08:54 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\vlc [2011.06.22 21:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.06.22 21:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2011.06.22 20:50:53 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Warehouse.13.S02 [2011.06.22 20:42:06 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Warehouse.13.S01 [2011.06.22 20:12:18 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Big.Bang.Theory.S03 [2011.06.22 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Big.Bang.Theory.S02 [2011.06.22 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Big.Bang.Theory.S01SD [2011.06.11 17:59:44 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\LEGO Creations [2011.06.11 17:59:44 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\LEGO Company [2011.06.11 17:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company [2011.06.11 17:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company [2011.06.09 17:06:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011.06.09 17:05:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011.06.09 17:02:42 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2011.06.09 17:02:26 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2011.06.04 18:19:50 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\DVDVideoSoftIEHelpers [2011.06.04 18:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Plasmoo [2011.06.04 18:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011.06.04 18:19:45 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\DVDVideoSoft [2011.06.04 18:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2011.06.04 18:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Mustermann\AppData\Local\*.tmp files -> C:\Users\Mustermann\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.03 18:14:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.03 18:09:00 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.03 18:09:00 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.03 18:05:47 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.03 18:05:47 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.03 18:05:47 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.03 18:05:47 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.03 18:05:47 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.03 18:01:37 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.03 18:01:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.03 18:01:26 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2011.07.03 17:59:20 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.07.03 16:21:24 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.03 15:40:08 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.07.03 15:40:07 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.07.03 12:08:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe [2011.07.03 12:05:06 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.07.03 12:02:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011.07.03 12:02:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011.07.03 12:01:54 | 000,000,134 | ---- | M] () -- C:\Users\Mustermann\Desktop\Internet Explorer-Problembehebung.url [2011.07.03 12:01:12 | 000,050,477 | ---- | M] () -- C:\Users\Mustermann\Desktop\Defogger.exe [2011.07.03 11:56:56 | 000,000,000 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\{FA24948E-1887-4873-99F7-7035A401D8AA} [2011.06.28 22:11:33 | 000,000,000 | ---- | M] () -- C:\Users\Mustermann\defogger_reenable [2011.06.28 22:02:44 | 001,008,041 | ---- | M] () -- C:\Users\Mustermann\Desktop\rkill.com [2011.06.27 23:20:11 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.06.26 18:08:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.06.26 18:04:58 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.06.26 17:53:41 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2011.06.26 15:08:27 | 000,000,000 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\{A407F8EA-8D80-4B1B-B91B-4D09CAFD0CB3} [2011.06.23 19:12:48 | 018,780,143 | R--- | M] () -- C:\Users\Mustermann\Desktop\3931%20-%20Megaman%20Star%20Force%203-Black%20Ace%20%28U%29.zip [2011.06.22 21:08:50 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.06.17 12:09:33 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.06.08 16:09:08 | 000,013,445 | ---- | M] () -- C:\Users\Mustermann\Documents\ertf.rtf [2011.06.07 14:00:09 | 000,000,207 | ---- | M] () -- C:\Users\Mustermann\Documents\bxc.rtf [2011.06.07 12:01:07 | 000,000,191 | ---- | M] () -- C:\Users\Mustermann\Documents\f.rtf [2011.06.04 18:19:46 | 000,001,398 | ---- | M] () -- C:\Users\Mustermann\Desktop\Free YouTube to MP3 Converter.lnk [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Mustermann\AppData\Local\*.tmp files -> C:\Users\Mustermann\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.03 16:21:24 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.03 12:05:48 | 000,001,409 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.07.03 12:05:45 | 000,001,443 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.07.03 12:02:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011.07.03 12:02:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011.07.03 12:02:33 | 000,050,477 | ---- | C] () -- C:\Users\Mustermann\Desktop\Defogger.exe [2011.07.03 12:01:53 | 000,000,134 | ---- | C] () -- C:\Users\Mustermann\Desktop\Internet Explorer-Problembehebung.url [2011.07.03 11:56:56 | 000,000,000 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\{FA24948E-1887-4873-99F7-7035A401D8AA} [2011.06.28 22:12:18 | 001,008,041 | ---- | C] () -- C:\Users\Mustermann\Desktop\rkill.com [2011.06.28 22:11:33 | 000,000,000 | ---- | C] () -- C:\Users\Mustermann\defogger_reenable [2011.06.27 23:20:11 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.06.27 23:20:11 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.06.26 18:08:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.06.26 18:04:58 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.06.26 17:53:41 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp [2011.06.26 15:08:27 | 000,000,000 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\{A407F8EA-8D80-4B1B-B91B-4D09CAFD0CB3} [2011.06.23 19:08:16 | 018,780,143 | R--- | C] () -- C:\Users\Mustermann\Desktop\3931%20-%20Megaman%20Star%20Force%203-Black%20Ace%20%28U%29.zip [2011.06.22 21:08:50 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.06.17 12:09:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.06.17 12:09:33 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.06.09 17:03:28 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2011.06.09 17:02:13 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2011.06.09 17:01:56 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2011.06.09 17:01:56 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2011.06.09 17:01:45 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2011.06.08 15:48:20 | 000,013,445 | ---- | C] () -- C:\Users\Mustermann\Documents\ertf.rtf [2011.06.07 14:00:09 | 000,000,207 | ---- | C] () -- C:\Users\Mustermann\Documents\bxc.rtf [2011.06.07 12:01:07 | 000,000,191 | ---- | C] () -- C:\Users\Mustermann\Documents\f.rtf [2011.06.04 18:19:46 | 000,001,398 | ---- | C] () -- C:\Users\Mustermann\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.01.29 16:20:09 | 010,956,800 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.12.25 15:35:32 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2010.12.23 16:24:47 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2010.12.23 15:18:46 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.09.15 08:25:48 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini [2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.08.27 09:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.06.04 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\DVDVideoSoftIEHelpers [2011.06.11 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\LEGO Company [2011.04.09 14:24:27 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\OpenOffice.org [2011.06.26 18:04:29 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Samsung [2011.01.16 14:01:20 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Thunderbird [2011.05.19 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\WorldShift [2011.06.10 18:00:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.16 18:08:31 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Adobe [2010.12.25 15:38:26 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Avira [2011.06.04 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.23 15:16:14 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Identities [2011.06.11 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\LEGO Company [2010.12.25 15:43:31 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Macromedia [2011.07.03 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Malwarebytes [2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Media Center Programs [2011.07.03 12:11:38 | 000,000,000 | --SD | M] -- C:\Users\Mustermann\AppData\Roaming\Microsoft [2010.12.25 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Mozilla [2011.04.09 14:24:27 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\OpenOffice.org [2011.06.26 18:04:29 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Samsung [2011.01.16 14:01:20 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Thunderbird [2011.06.22 21:17:27 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\vlc [2011.05.19 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\WorldShift < %APPDATA%\*.exe /s > [2011.05.01 02:22:40 | 079,929,616 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe < %SYSTEMDRIVE%\*.exe > [2010.11.18 02:30:46 | 004,302,848 | ---- | M] () -- C:\DeSmuME_dev.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX1\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX3\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Mustermann\AppData\Local\Temp\RarSFX3\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 20 bytes -> C:\Users\Mustermann\Desktop\Warehouse.13.S02:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\Mustermann\Desktop\Warehouse.13.S01:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\Mustermann\Desktop\Big.Bang.Theory.S03:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\Mustermann\Desktop\Big.Bang.Theory.S02:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\Mustermann\Desktop\Big.Bang.Theory.S01SD:Mac_Metadata < End of report > |
|
03.07.2011, 17:47
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Guard und mehr? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = htt
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="p://www.searchqu.com/406
[2011.06.27 23:20:36 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011.06.04 18:19:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.21 16:29:56 | 000,000,927 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\conduit.xml
[2011.03.23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\SearchquWebSearch.xml
[2011.05.30 18:39:24 | 000,003,915 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\sweetim.xml
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [BabylonToolbar] File not found
O4 - HKLM..\Run: [DATAMNGR] File not found
O4 - HKLM..\Run: [jswtrayutil] File not found
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.07.2011, 18:04
| #13 |
| | Microsoft Guard und mehr? Ferdsch Code:
ATTFilter ========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "softonic-de3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://www.searchqu.com/406" removed from browser.startup.homepage
Prefs.js: "hxxp://www.searchqu.com/web?src=ffb&systemid=406&q="p://www.searchqu.com/406 removed from sweetim.toolbar.previous.keyword.URL
Folder C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Folder C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\8l719239.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
File C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\conduit.xml not found.
File C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\SearchquWebSearch.xml not found.
File C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\8l719239.default\searchplugins\sweetim.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.25.0 log created on 07032011_190319
|
|
03.07.2011, 18:31
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Guard und mehr? Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.07.2011, 19:01
| #15 |
| | Microsoft Guard und mehr? Hier die Kapersky Log File Code:
ATTFilter 2011/07/03 20:00:31.0674 1844 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/03 20:00:31.0924 1844 ================================================================================
2011/07/03 20:00:31.0924 1844 SystemInfo:
2011/07/03 20:00:31.0924 1844
2011/07/03 20:00:31.0924 1844 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/03 20:00:31.0924 1844 Product type: Workstation
2011/07/03 20:00:31.0924 1844 ComputerName: RITSCHE-PC
2011/07/03 20:00:31.0924 1844 UserName: Ritsche
2011/07/03 20:00:31.0924 1844 Windows directory: C:\Windows
2011/07/03 20:00:31.0924 1844 System windows directory: C:\Windows
2011/07/03 20:00:31.0924 1844 Running under WOW64
2011/07/03 20:00:31.0924 1844 Processor architecture: Intel x64
2011/07/03 20:00:31.0924 1844 Number of processors: 4
2011/07/03 20:00:31.0924 1844 Page size: 0x1000
2011/07/03 20:00:31.0924 1844 Boot type: Normal boot
2011/07/03 20:00:31.0924 1844 ================================================================================
2011/07/03 20:00:32.0984 1844 Initialize success
2011/07/03 20:00:55.0807 2412 ================================================================================
2011/07/03 20:00:55.0807 2412 Scan started
2011/07/03 20:00:55.0807 2412 Mode: Manual;
2011/07/03 20:00:55.0807 2412 ================================================================================
2011/07/03 20:00:56.0166 2412 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/07/03 20:00:56.0228 2412 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/07/03 20:00:56.0275 2412 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/07/03 20:00:56.0353 2412 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/03 20:00:56.0369 2412 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/03 20:00:56.0400 2412 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/03 20:00:56.0462 2412 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/07/03 20:00:56.0509 2412 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/07/03 20:00:56.0556 2412 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/07/03 20:00:56.0556 2412 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/07/03 20:00:56.0572 2412 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/03 20:00:56.0618 2412 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/03 20:00:56.0650 2412 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/07/03 20:00:56.0665 2412 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/03 20:00:56.0696 2412 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/07/03 20:00:56.0743 2412 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/07/03 20:00:56.0790 2412 AppleCharger (301aa64f9643bc453d90a66c4c0e7204) C:\Windows\system32\DRIVERS\AppleCharger.sys
2011/07/03 20:00:56.0837 2412 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/03 20:00:56.0868 2412 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/03 20:00:56.0899 2412 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/03 20:00:56.0930 2412 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/07/03 20:00:56.0962 2412 atksgt (54494b93bb5ad74c807100144ec30d64) C:\Windows\system32\DRIVERS\atksgt.sys
2011/07/03 20:00:57.0024 2412 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/03 20:00:57.0055 2412 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/03 20:00:57.0118 2412 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/03 20:00:57.0149 2412 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/03 20:00:57.0180 2412 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/03 20:00:57.0211 2412 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/03 20:00:57.0258 2412 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/03 20:00:57.0289 2412 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/03 20:00:57.0305 2412 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/03 20:00:57.0320 2412 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/03 20:00:57.0336 2412 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/03 20:00:57.0336 2412 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/03 20:00:57.0352 2412 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/03 20:00:57.0367 2412 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/03 20:00:57.0445 2412 Cardex (2bd001601496ae87f7cb86f1fcd6f1ec) C:\Windows\SysWOW64\drivers\TBPANELX64.SYS
2011/07/03 20:00:57.0476 2412 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/03 20:00:57.0523 2412 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/07/03 20:00:57.0554 2412 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/03 20:00:57.0601 2412 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/03 20:00:57.0648 2412 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/03 20:00:57.0679 2412 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/07/03 20:00:57.0726 2412 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/07/03 20:00:57.0851 2412 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/03 20:00:57.0898 2412 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/03 20:00:57.0929 2412 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/03 20:00:57.0976 2412 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/07/03 20:00:58.0038 2412 dgderdrv (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
2011/07/03 20:00:58.0085 2412 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/03 20:00:58.0100 2412 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/03 20:00:58.0147 2412 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/03 20:00:58.0194 2412 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/03 20:00:58.0288 2412 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/03 20:00:58.0412 2412 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/03 20:00:58.0444 2412 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/07/03 20:00:58.0459 2412 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/03 20:00:58.0490 2412 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/03 20:00:58.0506 2412 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/03 20:00:58.0522 2412 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/03 20:00:58.0553 2412 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/03 20:00:58.0553 2412 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/03 20:00:58.0600 2412 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/07/03 20:00:58.0631 2412 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/03 20:00:58.0646 2412 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/03 20:00:58.0678 2412 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/03 20:00:58.0709 2412 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/03 20:00:58.0787 2412 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
2011/07/03 20:00:58.0802 2412 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/03 20:00:58.0849 2412 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/07/03 20:00:58.0880 2412 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/03 20:00:58.0896 2412 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/03 20:00:58.0912 2412 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/03 20:00:58.0912 2412 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/03 20:00:58.0943 2412 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/07/03 20:00:58.0990 2412 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/03 20:00:59.0052 2412 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/07/03 20:00:59.0114 2412 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/03 20:00:59.0146 2412 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/07/03 20:00:59.0177 2412 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/07/03 20:00:59.0208 2412 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/03 20:00:59.0270 2412 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/03 20:00:59.0364 2412 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/07/03 20:00:59.0411 2412 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/03 20:00:59.0489 2412 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/03 20:00:59.0551 2412 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/03 20:00:59.0582 2412 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/03 20:00:59.0645 2412 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/03 20:00:59.0660 2412 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/07/03 20:00:59.0692 2412 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/07/03 20:00:59.0770 2412 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys
2011/07/03 20:00:59.0785 2412 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/07/03 20:00:59.0801 2412 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/07/03 20:00:59.0816 2412 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/03 20:00:59.0848 2412 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/03 20:00:59.0879 2412 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/03 20:00:59.0926 2412 lirsgt (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/07/03 20:00:59.0957 2412 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/03 20:01:00.0004 2412 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/03 20:01:00.0019 2412 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/03 20:01:00.0035 2412 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/03 20:01:00.0066 2412 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/03 20:01:00.0082 2412 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/03 20:01:00.0144 2412 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\Windows\system32\drivers\mbam.sys
2011/07/03 20:01:00.0175 2412 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/03 20:01:00.0191 2412 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/03 20:01:00.0222 2412 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/03 20:01:00.0238 2412 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/03 20:01:00.0269 2412 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/07/03 20:01:00.0316 2412 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/03 20:01:00.0362 2412 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/07/03 20:01:00.0409 2412 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/07/03 20:01:00.0440 2412 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/03 20:01:00.0487 2412 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/07/03 20:01:00.0534 2412 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/03 20:01:00.0550 2412 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/03 20:01:00.0581 2412 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/03 20:01:00.0628 2412 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/07/03 20:01:00.0674 2412 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/07/03 20:01:00.0721 2412 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/03 20:01:00.0752 2412 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/03 20:01:00.0768 2412 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/07/03 20:01:00.0799 2412 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/03 20:01:00.0815 2412 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/03 20:01:00.0830 2412 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/03 20:01:00.0862 2412 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/07/03 20:01:00.0924 2412 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/07/03 20:01:00.0940 2412 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/03 20:01:00.0971 2412 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/03 20:01:00.0986 2412 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/03 20:01:01.0018 2412 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/03 20:01:01.0064 2412 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/07/03 20:01:01.0127 2412 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/03 20:01:01.0142 2412 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/03 20:01:01.0174 2412 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/03 20:01:01.0205 2412 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/03 20:01:01.0252 2412 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/07/03 20:01:01.0267 2412 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/03 20:01:01.0314 2412 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/03 20:01:01.0361 2412 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/03 20:01:01.0392 2412 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/03 20:01:01.0408 2412 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/03 20:01:01.0454 2412 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/07/03 20:01:01.0501 2412 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/03 20:01:01.0564 2412 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
2011/07/03 20:01:01.0813 2412 nvlddmkm (ac8cbe9a0663e88f6429ee5530d5e32b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/03 20:01:02.0047 2412 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/07/03 20:01:02.0078 2412 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/07/03 20:01:02.0141 2412 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/07/03 20:01:02.0172 2412 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/07/03 20:01:02.0203 2412 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/03 20:01:02.0250 2412 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/07/03 20:01:02.0297 2412 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
2011/07/03 20:01:02.0344 2412 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
2011/07/03 20:01:02.0375 2412 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/07/03 20:01:02.0406 2412 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/03 20:01:02.0422 2412 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/03 20:01:02.0453 2412 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/03 20:01:02.0484 2412 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/03 20:01:02.0562 2412 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/03 20:01:02.0578 2412 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/03 20:01:02.0624 2412 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/03 20:01:02.0656 2412 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/03 20:01:02.0702 2412 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/03 20:01:02.0718 2412 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/03 20:01:02.0734 2412 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/03 20:01:02.0749 2412 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/03 20:01:02.0780 2412 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/03 20:01:02.0812 2412 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/03 20:01:02.0827 2412 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/03 20:01:02.0874 2412 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/03 20:01:02.0921 2412 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/03 20:01:02.0952 2412 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/03 20:01:02.0999 2412 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/03 20:01:03.0014 2412 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/03 20:01:03.0030 2412 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/07/03 20:01:03.0061 2412 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/07/03 20:01:03.0108 2412 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/03 20:01:03.0170 2412 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/07/03 20:01:03.0295 2412 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011c\WNt500x64\Sandra.sys
2011/07/03 20:01:03.0373 2412 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/03 20:01:03.0420 2412 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/03 20:01:03.0467 2412 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/03 20:01:03.0498 2412 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/03 20:01:03.0514 2412 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/03 20:01:03.0545 2412 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/03 20:01:03.0592 2412 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/07/03 20:01:03.0607 2412 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/03 20:01:03.0607 2412 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/03 20:01:03.0638 2412 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/03 20:01:03.0670 2412 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/03 20:01:03.0685 2412 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/03 20:01:03.0701 2412 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/03 20:01:03.0732 2412 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/03 20:01:03.0779 2412 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/07/03 20:01:03.0810 2412 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/03 20:01:03.0841 2412 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/03 20:01:03.0888 2412 ssadbus (c1212ba5ab6783191899d194672a5b5c) C:\Windows\system32\DRIVERS\ssadbus.sys
2011/07/03 20:01:03.0904 2412 ssadmdfl (eb270596d4117c4306442f36ef2c290e) C:\Windows\system32\DRIVERS\ssadmdfl.sys
2011/07/03 20:01:03.0935 2412 ssadmdm (e29027dfaec246299d1cf88627c5cbe6) C:\Windows\system32\DRIVERS\ssadmdm.sys
2011/07/03 20:01:03.0966 2412 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/03 20:01:04.0013 2412 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/07/03 20:01:04.0122 2412 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/03 20:01:04.0216 2412 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/03 20:01:04.0262 2412 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/03 20:01:04.0294 2412 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/03 20:01:04.0294 2412 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/03 20:01:04.0325 2412 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/03 20:01:04.0340 2412 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/07/03 20:01:04.0403 2412 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
2011/07/03 20:01:04.0450 2412 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/03 20:01:04.0481 2412 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/03 20:01:04.0528 2412 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/03 20:01:04.0559 2412 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/03 20:01:04.0590 2412 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/03 20:01:04.0668 2412 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/03 20:01:04.0715 2412 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/07/03 20:01:04.0746 2412 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/03 20:01:04.0777 2412 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/03 20:01:04.0824 2412 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/03 20:01:04.0855 2412 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/03 20:01:04.0871 2412 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/03 20:01:04.0902 2412 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/03 20:01:04.0918 2412 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/03 20:01:04.0949 2412 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/03 20:01:04.0980 2412 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/07/03 20:01:05.0011 2412 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/03 20:01:05.0042 2412 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/03 20:01:05.0058 2412 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/03 20:01:05.0089 2412 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/03 20:01:05.0105 2412 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/03 20:01:05.0136 2412 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/03 20:01:05.0167 2412 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/03 20:01:05.0198 2412 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/03 20:01:05.0245 2412 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/03 20:01:05.0261 2412 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/03 20:01:05.0292 2412 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/03 20:01:05.0308 2412 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/07/03 20:01:05.0339 2412 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/03 20:01:05.0370 2412 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/03 20:01:05.0386 2412 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/03 20:01:05.0417 2412 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/03 20:01:05.0448 2412 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/03 20:01:05.0495 2412 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/03 20:01:05.0526 2412 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/03 20:01:05.0588 2412 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/03 20:01:05.0620 2412 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/03 20:01:05.0666 2412 WN111v2 (b972c12de88299e78f6656a31046dd99) C:\Windows\system32\DRIVERS\WN111v2w7x.sys
2011/07/03 20:01:05.0744 2412 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/03 20:01:05.0791 2412 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/03 20:01:05.0822 2412 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/03 20:01:05.0869 2412 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/03 20:01:05.0869 2412 Boot (0x1200) (ed596aec11600ee7be1393ecd06bc1c2) \Device\Harddisk0\DR0\Partition0
2011/07/03 20:01:05.0900 2412 Boot (0x1200) (e3509b1f6f38841a5562018cbeeb9f65) \Device\Harddisk0\DR0\Partition1
2011/07/03 20:01:05.0900 2412 ================================================================================
2011/07/03 20:01:05.0900 2412 Scan finished
2011/07/03 20:01:05.0900 2412 ================================================================================
2011/07/03 20:01:05.0900 3100 Detected object count: 0
2011/07/03 20:01:05.0900 3100 Actual detected object count: 0
|
|
| Themen zu Microsoft Guard und mehr? |
| 64-bit, alternate, antivir guard, babylon toolbar, babylontoolbar, bandoo, c:\windows\system32\rundll32.exe, conduit, device driver, flash player, frage, gainward, google earth, home, install.exe, langs, mozilla thunderbird, plug-in, realtek, richtlinie, searchqu toolbar, security, security.hijack, start menu, svchost.exe, syswow64, tr/fakeav.dteo, trojaner, webcheck, windows internet |
Textbox.
.
Hybrid-Darstellung
