|
Log analysis and evaluation: Trojan System Repair. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
26.07.2011, 13:04 | #1 |
| Trojan System Repair Hello, I have the following problem. My computer has a virus, namely System Repair; I was able to work that out from your site. Symptoms are as follows: files disappear, and the computer reports that the hard disk and the RAM are defective. This is my first time doing something like this here; I hope you can help me and that I have done this correctly. |
26.07.2011, 13:14 | #2 |
| Trojan System Repair Here are the required log files as well.
Code:
OTL logfile created on: 26.07.2011 13:27:29 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Oma & Opa\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,06% Memory free
6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 87,07 Gb Free Space | 60,44% Space Free | Partition Type: NTFS
Drive D: | 7,39 Gb Total Space | 2,80 Gb Free Space | 37,82% Space Free | Partition Type: FAT32
Drive E: | 140,50 Gb Total Space | 136,63 Gb Free Space | 97,25% Space Free | Partition Type: NTFS
Drive K: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: ASPIRE8920 | User Name: Oma & Opa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.26 13:25:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Oma & Opa\Downloads\OTL.exe
PRC - [2011.06.27 18:46:55 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\ Firefox\firefox.exe
PRC - [2011.06.15 00:12:41 | 003,337,728 | -H-- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2011.03.09 13:29:16 | 000,366,000 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2008.03.07 15:05:10 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.04 23:38:34 | 000,500,784 | -H-- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.02.15 09:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.01.21 04:23:48 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:23:48 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | -H-- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2011.07.26 13:25:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Oma & Opa\Downloads\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - [2011.03.09 13:29:16 | 000,366,000 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008.03.07 15:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.04 23:38:34 | 000,500,784 | -H-- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.02.15 09:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.01.21 04:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.06 16:15:28 | 000,110,592 | -H-- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

========== Driver Services (SafeList) ==========

DRV - [2011.06.15 11:03:34 | 000,431,672 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.06.15 00:12:33 | 000,043,184 | -H-- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.03.11 13:38:00 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.03.07 19:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.03.05 09:25:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.15 09:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.12.18 17:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.12.16 17:57:20 | 000,075,776 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\ Firefox\components [2011.07.24 16:15:12 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\ Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\ Firefox\components [2011.07.24 16:15:12 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\ Firefox\plugins

[2011.06.15 01:01:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Oma & Opa\AppData\Roaming\mozilla\Extensions
[2011.06.15 11:15:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Oma & Opa\AppData\Roaming\mozilla\Firefox\Profiles\f0pc41c2.default\extensions
[2011.06.15 11:13:44 | 000,002,055 | -H-- | M] () -- C:\Users\Oma & Opa\AppData\Roaming\Mozilla\Firefox\Profiles\f0pc41c2.default\searchplugins\daemon-search.xml
File not found (No name found) --

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - Startup: C:\Users\Oma & Opa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Oma & Opa\Pictures\Leon Bilder\ni.jpg
O24 - Desktop BackupWallPaper: C:\Users\Oma & Opa\Pictures\Leon Bilder\ni.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Programme\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: Conime - hkey= - key= - File not found
MsConfig - StartUpReg: eAudio - hkey= - key= - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: EKIJ5000StatusMonitor - hkey= - key= - File not found
MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: irVQprUycRbWhE - hkey= - key= - C:\ProgramData\irVQprUycRbWhE.exe ()
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: PLFSetI - hkey= - key= - C:\Windows\PLFSetI.exe ()
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: ZPdtWzdVitaKey MC3000 - hkey= - key= - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
MsConfig - State: "startup" - 1

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.07.26 13:15:53 | 000,000,000 | ---D | C] -- C:\31c63ce05277c04d8591
[2011.07.26 13:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011.07.24 17:23:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.07.03 16:05:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\LightScribe
[2011.07.03 16:04:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\NtiDvdCopy
[2011.07.03 16:01:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\PhotoStitch
[2011.07.03 15:56:30 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\AppData\Roaming\ZoomBrowser EX
[2011.07.03 15:54:47 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\AppData\Roaming\CANON INC
[2011.07.03 15:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011.07.03 15:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011.07.03 15:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2011.07.03 15:33:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2011.07.03 15:03:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.07.03 14:05:01 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Johann Lafer Hits aus meiner Küche
[2011.07.03 14:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Johann Lafer Hits aus meiner Küche
[2011.07.03 14:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\DNA Digital Media Group
[2011.07.03 14:03:25 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011.07.03 13:39:02 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\AppData\Roaming\dvdcss
[2011.07.03 11:28:48 | 000,075,776 | ---- | C] (Wasay) -- C:\Windows\System32\drivers\WSVD.sys
[2011.06.28 18:01:02 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\AppData\Local\Eastman_Kodak_Company
[2011.06.28 17:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoMail Maker
[2011.06.28 17:51:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\PhotoMail
[2011.06.28 17:45:44 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\AppData\Local\IM
[2011.06.28 17:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
[2011.06.28 17:45:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\IncrediMail
[2011.06.28 17:45:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\IM
[2011.06.28 17:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2011.06.28 17:26:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2011.06.28 17:01:06 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\Documents\WISO
[2011.06.28 17:00:23 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\Documents\Steuer-Sparbuch
[2011.06.28 16:56:03 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\Documents\Mein Steuer-Sparbuch Heute
[2011.06.28 16:56:02 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\Documents\Sparbuch
[2011.06.28 16:54:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\UAB
[2011.06.28 16:54:32 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\AppData\Local\PC_Drivers_Headquarters
[2011.06.28 16:54:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Easy Driver Pro
[2011.06.28 16:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Driver Pro
[2011.06.28 16:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Driver Pro
[2011.06.28 16:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2011.06.28 16:38:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Kodak
[2011.06.28 16:33:08 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\AppData\Roaming\Temp
[2011.06.28 16:33:07 | 000,000,000 | -H-D | C] -- C:\Users\Oma & Opa\AppData\Local\Eastman Kodak Company

========== Files - Modified Within 30 Days ==========

[2011.07.26 13:26:09 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.26 13:26:09 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.26 13:26:09 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.26 13:26:09 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.26 13:19:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 13:19:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 13:18:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.07.26 13:18:16 | 000,382,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.26 13:18:07 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011.07.26 13:16:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.07.26 13:16:04 | 000,000,020 | ---- | M] () -- C:\Users\Oma & Opa\defogger_reenable
[2011.07.24 13:36:23 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.07.24 13:36:23 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.07.24 13:36:22 | 000,000,611 | -H-- | M] () -- C:\Users\Oma & Opa\Desktop\System Repair.lnk
[2011.07.24 13:36:21 | 000,000,336 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.07.24 13:36:11 | 000,382,976 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011.07.24 13:26:40 | 000,491,520 | -H-- | M] () -- C:\ProgramData\irVQprUycRbWhE.exe
[2011.07.24 13:21:27 | 000,090,143 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.07.05 11:17:44 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011.07.03 16:07:19 | 000,000,000 | -H-- | M] () -- C:\Windows\jcmkr32.INI
[2011.07.03 15:54:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.03 14:41:57 | 000,021,504 | -H-- | M] () -- C:\Users\Oma & Opa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.03 14:34:36 | 000,001,289 | -H-- | M] () -- C:\Users\Oma & Opa\Desktop\Johann Lafer Hits aus meiner Küche.lnk

========== Files Created - No Company Name ==========

[2011.07.26 13:15:48 | 000,000,020 | ---- | C] () -- C:\Users\Oma & Opa\defogger_reenable
[2011.07.26 13:07:16 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.26 13:07:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.07.26 13:07:14 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011.07.24 13:36:23 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.07.24 13:36:22 | 000,000,611 | -H-- | C] () -- C:\Users\Oma & Opa\Desktop\System Repair.lnk
[2011.07.24 13:36:22 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.07.24 13:36:21 | 000,000,336 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.07.24 13:36:11 | 000,382,976 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011.07.24 13:26:52 | 000,491,520 | -H-- | C] () -- C:\ProgramData\irVQprUycRbWhE.exe
[2011.07.03 16:07:19 | 000,000,000 | -H-- | C] () -- C:\Windows\jcmkr32.INI
[2011.07.03 15:54:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.03 14:05:01 | 000,001,289 | -H-- | C] () -- C:\Users\Oma & Opa\Desktop\Johann Lafer Hits aus meiner Küche.lnk
[2011.06.28 17:26:46 | 000,021,504 | -H-- | C] () -- C:\Users\Oma & Opa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.24 20:23:36 | 000,000,000 | -H-- | C] () -- C:\Users\Oma & Opa\AppData\Roaming\wklnhst.dat
[2011.06.15 11:00:55 | 000,090,143 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2011.06.15 11:00:55 | 000,090,143 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2011.06.15 11:00:54 | 000,007,592 | -H-- | C] () -- C:\Users\Oma & Opa\AppData\Local\d3d9caps.dat
[2011.06.15 01:07:41 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.06.15 01:07:41 | 000,000,038 | -H-- | C] () -- C:\Windows\avisplitter.ini
[2011.06.15 01:07:40 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.15 01:07:40 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.15 01:07:39 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.15 01:01:18 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011.06.15 00:24:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.06.15 00:16:02 | 000,000,057 | -H-- | C] () -- C:\Windows\PidList.ini
[2011.06.15 00:16:01 | 000,200,704 | -H-- | C] () -- C:\Windows\PLFSetI.exe
[2011.06.15 00:12:54 | 001,548,099 | -H-- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.04.08 13:28:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.04.08 13:28:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.08 12:36:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.04.08 12:27:16 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.04.08 12:18:59 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.04.08 12:18:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.04.08 12:16:49 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008.04.08 05:55:03 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 10:24:09 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:24:09 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:24:09 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:24:09 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 04:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008.01.21 04:23:38 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.04.24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:55:52 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:46:27 | 000,382,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011.06.15 00:34:48 | 000,000,000 | -H-D | M] -- C:\Users\Oma & Opa\AppData\Roaming\Acer
[2008.04.08 12:50:57 | 000,000,000 | -H-D | M] -- C:\Users\Oma & Opa\AppData\Roaming\Acer GameZone Console
[2011.06.15 10:58:49 | 000,000,000 | -H-D | M] -- C:\Users\Oma & Opa\AppData\Roaming\DAEMON Tools Lite
[2011.06.28 16:38:53 | 000,000,000 | -H-D | M] -- C:\Users\Oma & Opa\AppData\Roaming\Temp
[2011.06.24 20:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Oma & Opa\AppData\Roaming\Template
[2011.06.15 00:12:21 | 000,000,000 | -H-D | M] -- C:\Users\Oma & Opa\AppData\Roaming\Validity
[2011.07.26 13:16:44 | 000,030,212 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011.07.26 13:15:48 | 000,000,000 | -H-D | M] -- C:\ Firefox
[2011.06.15 00:07:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.07.26 13:15:54 | 000,000,000 | ---D | M] -- C:\31c63ce05277c04d8591
[2011.06.15 00:39:47 | 000,000,000 | -H-D | M] -- C:\ACER
[2008.04.08 13:30:20 | 000,000,000 | -H-D | M] -- C:\book
[2008.04.08 05:57:07 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.07.24 16:15:20 | 000,000,000 | -H-D | M] -- C:\CLSetup
[2008.04.08 12:51:51 | 000,000,000 | -H-D | M] -- C:\Convesoft
[2006.11.02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.06.15 00:03:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.04.08 12:10:04 | 000,000,000 | -H-D | M] -- C:\Intel
[2008.04.08 12:52:20 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 04:30:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.26 13:04:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.24 17:12:01 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.15 00:03:00 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.26 13:28:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.15 00:06:19 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.26 13:16:12 | 000,000,000 | -H-D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008.01.21 04:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe
[2008.01.21 04:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 04:23:00 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:23:00 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 04:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 04:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2008.01.21 04:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

<
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-26 11:15:41 < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.07.2011 13:27:29 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Oma & Opa\Downloads Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,06% Memory free 6,19 Gb Paging File | 5,09 Gb Available in Paging File | 82,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 87,07 Gb Free Space | 60,44% Space Free | Partition Type: NTFS Drive D: | 7,39 Gb Total Space | 2,80 Gb Free Space | 37,82% Space Free | Partition Type: FAT32 Drive E: | 140,50 Gb Total Space | 136,63 Gb Free Space | 97,25% Space Free | Partition Type: NTFS Drive K: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Computer Name: ASPIRE8920 | User Name: Oma & Opa | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\ Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\ Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\ Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\ Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{89FAEAF8-4CF6-4DA1-81EC-C1C380D5E155}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{A2D3F230-28FA-4FB5-8A5D-9015A83A9827}" = lport=5353 | protocol=17 | 
dir=in | name=bonjour port 5353 | "{BAE425C2-36F3-429F-98E6-5B4683F95959}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{C52F935B-593C-45FD-8AD6-6FE4C4BD606E}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{F91F5C18-E8D5-4522-83B2-3EC5091EDBDE}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01FBBC9E-BDB5-4586-85F6-36E13885CF32}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | "{167D8C0D-6541-41F2-A361-90BFF8DEA0C7}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{21CF27D9-1DC4-4224-8991-8F1EF51F49D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3799B14C-0775-4250-B444-39402A499CA4}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{43E307A9-3434-4C88-B214-69DFD09EC307}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | "{493B2813-14CB-4700-B3F6-F362E29A4BFE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{537C2F0F-32CA-49D3-80D1-645CDB0CEC51}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{67E654DF-4DA3-4A60-B8C6-B400845B1A8C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{821E0A44-A12D-4B79-9546-8240CED23C00}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{8F3641F2-A7EC-4D0D-9319-262FCC370164}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{AAEF00A5-D87B-40A2-A7F4-91F438346DD4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{AF68CB72-6914-49EB-8708-915754E56BC9}" = dir=in | 
app=c:\program files\acer\acer vcm\vc.exe | "{B40BDD69-AAB6-4919-BFE8-E50CC886E83B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{B6B8E840-9661-43BC-A129-5F5EE9AF9A16}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{C050EF1E-9415-4F81-A536-69A8237238A0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{C9A60221-D7BF-417B-B8BF-B7BA1320191C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{D492B3E7-B681-42F1-820B-0C00D37C7D2F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{DF73D121-922A-4327-AD68-CD829FFF067D}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{E768CB21-58C1-4E4E-9C95-07B805D57412}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{EA841B75-76A8-4BC3-AE41-3BF7DC9DE026}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{FC9912F9-AB84-4869-9D43-5086D79062FC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt "{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion "{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI 
Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{56BA241F-580C-43D2-8403-947241AAE633}" = center "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer 
eDataSecurity Management "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.55.312 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver "{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro "{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr "Acer Acer Bio Protection 6.0.00.08" = Acer Bio Protection AAV 6.0.00.08 "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "CameraWindowDC8" = Canon Utilities CameraWindow DC 8 "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "GridVista" = Acer GridVista "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Johann Lafer Hits aus meiner Küche" = Johann 
Lafer Hits aus meiner Küche "KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full) "LManager" = Launch Manager "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "MyCamera" = Canon Utilities MyCamera "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PhotoMail" = PhotoMail Maker "SynTPDeinstKey" = Synaptics Pointing Device Driver "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.07.2011 07:40:58 | Computer Name = Aspire8920 | Source = VSS | ID = 12289 Description = Error - 24.07.2011 07:40:58 | Computer Name = Aspire8920 | Source = VSS | ID = 12289 Description = Error - 24.07.2011 07:41:02 | Computer Name = Aspire8920 | Source = VSS | ID = 12289 Description = Error - 24.07.2011 07:41:02 | Computer Name = Aspire8920 | Source = VSS | ID = 12289 Description = Error - 24.07.2011 07:41:02 | Computer Name = Aspire8920 | Source = VSS | ID = 12289 Description = Error - 24.07.2011 08:46:25 | Computer Name = Aspire8920 | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung P1kAlMiG2Kb7Fz.exe, Version 0.1.0.0, Zeitstempel 0x4e1c0ed2, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00200070, Prozess-ID 0x9cc, Anwendungsstartzeit 01cc49ffac23e5a7. 
Error - 24.07.2011 08:53:40 | Computer Name = Aspire8920 | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung CompileMOF.exe, Version 3.0.2000.0, Zeitstempel 0x474a325e, fehlerhaftes Modul CompileMOF.exe, Version 3.0.2000.0, Zeitstempel 0x474a325e, Ausnahmecode 0xc000000d, Fehleroffset 0x00002a7f, Prozess-ID 0x8f4, Anwendungsstartzeit 01cc4a00b5557410. Error - 24.07.2011 08:53:47 | Computer Name = Aspire8920 | Source = WinMgmt | ID = 10 Description = Error - 24.07.2011 10:02:14 | Computer Name = Aspire8920 | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung CompileMOF.exe, Version 3.0.2000.0, Zeitstempel 0x474a325e, fehlerhaftes Modul CompileMOF.exe, Version 3.0.2000.0, Zeitstempel 0x474a325e, Ausnahmecode 0xc000000d, Fehleroffset 0x00002a7f, Prozess-ID 0x900, Anwendungsstartzeit 01cc4a0a49996a14. Error - 24.07.2011 10:02:22 | Computer Name = Aspire8920 | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 24.07.2011 11:05:23 | Computer Name = Aspire8920 | Source = Service Control Manager | ID = 7023 Description = Error - 24.07.2011 11:07:32 | Computer Name = Aspire8920 | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2011 11:12:05 | Computer Name = Aspire8920 | Source = Microsoft-Windows-Eventlog | ID = 22 Description = Error - 24.07.2011 11:12:07 | Computer Name = Aspire8920 | Source = HTTP | ID = 15016 Description = Error - 24.07.2011 11:12:13 | Computer Name = Aspire8920 | Source = Service Control Manager | ID = 7023 Description = Error - 24.07.2011 11:14:21 | Computer Name = Aspire8920 | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2011 11:24:43 | Computer Name = Aspire8920 | Source = Microsoft-Windows-Eventlog | ID = 22 Description = Error - 24.07.2011 11:24:44 | Computer Name = Aspire8920 | Source = HTTP | ID = 15016 Description = Error - 24.07.2011 11:24:51 | Computer Name = Aspire8920 | Source = Service Control Manager | ID = 7023 
Description = Error - 24.07.2011 11:26:50 | Computer Name = Aspire8920 | Source = Service Control Manager | ID = 7000 Description = < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-07-26 14:06:23 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 Running: kruohd5i.exe; Driver: C:\Users\OMA&OP~1\AppData\Local\Temp\pgldifod.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E40C340, 0x3D50E7, 0xE8000020] C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0x8FBE6000] .clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last section [0x8FBE7000, 0x1000, 0x00000000] ---- User code sections - GMER 1.0.15 ---- .text C:\ Firefox\firefox.exe[2776] ntdll.dll!LdrLoadDll 76FB7933 5 Bytes JMP 00FE1410 C:\ Firefox\firefox.exe (Firefox/Mozilla Corporation) .text C:\Windows\Explorer.EXE[3928] SHELL32.dll!InitNetworkAddressControl + 2939 75A30064 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL} ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft 
Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec6fdf Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec6fdf@0024ef09613f 0xA4 0x5F 0xCF 0xBA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0x49 0x60 0xF6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec6fdf (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec6fdf@0024ef09613f 0xA4 0x5F 0xCF 0xBA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0x49 0x60 0xF6 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... 
---- Files - GMER 1.0.15 ---- File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid 65536 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000 240 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001 65536 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002 65536 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0004.000 0 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0004.001 65536 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0004.002 65536 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci 155648 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.dir 4096 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid 65536 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.ci 0 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.dir 49152 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid 65536 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wsb 65536 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.ci 69632 bytes File 
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.dir 4096 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid 65536 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.ci 159744 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl3.gthr 0 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0014A.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0014B.log 0 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0015F.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00160.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00161.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00162.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00163.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00164.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00165.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00166.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00167.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00168.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00169.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0016A.log 0 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0014C.log 0 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0015E.log 131072 bytes File C:\Windows\assembly\NativeImages_v2.0.50727_32\index159.dat 0 bytes File 
C:\Windows\assembly\NativeImages_v2.0.50727_32\index15a.dat 0 bytes ---- EOF - GMER 1.0.15 ---- |
26.07.2011, 16:07 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Repair Trojan Hello and
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ |
26.07.2011, 18:14 | #4 |
| System Repair Trojan I have done so, hope it helps. Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7283
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
26.07.2011 19:11:20
mbam-log-2011-07-26 (19-11-20).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|K:\|)
Durchsuchte Objekte: 253310
Laufzeit: 35 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: c:\Users\oma & opa\AppData\Local\Temp\tmpDC3A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. |
26.07.2011, 20:03 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Repair Trojan Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes on the "Logdateien" (log files) tab.
__________________ Please always post log files in CODE tags |
27.07.2011, 10:57 | #6 |
| System Repair Trojan Hello, no, unfortunately not |
27.07.2011, 11:03 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan System Repair Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
[2011.07.24 13:36:23 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.07.24 13:36:23 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.07.24 13:36:22 | 000,000,611 | -H-- | M] () -- C:\Users\Oma & Opa\Desktop\System Repair.lnk
[2011.07.24 13:36:21 | 000,000,336 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.07.24 13:36:11 | 000,382,976 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011.07.24 13:26:40 | 000,491,520 | -H-- | M] () -- C:\ProgramData\irVQprUycRbWhE.exe
[2011.07.26 13:07:14 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011.07.24 13:36:23 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.07.24 13:36:22 | 000,000,611 | -H-- | C] () -- C:\Users\Oma & Opa\Desktop\System Repair.lnk
[2011.07.24 13:36:22 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.07.24 13:36:21 | 000,000,336 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.07.24 13:36:11 | 000,382,976 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz.exe
[2011.07.24 13:26:52 | 000,491,520 | -H-- | C] () -- C:\ProgramData\irVQprUycRbWhE.exe
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post log files in CODE tags |
27.07.2011, 11:53 | #8 |
| Trojan System Repair Malwarebytes only turned up the one log file. |
27.07.2011, 12:06 | #9 |
| Trojan System Repair Error creating the log file |
27.07.2011, 12:07 | #10 |
| Trojan System Repair Now it is restarting, for whatever reason |
27.07.2011, 12:20 | #11 |
| Trojan System Repair It worked Code:
========== OTL ==========
C:\ProgramData\~P1kAlMiG2Kb7Fz moved successfully.
C:\ProgramData\~P1kAlMiG2Kb7Fzr moved successfully.
File C:\Users\Oma & Opa\Desktop\System Repair.lnk not found.
C:\ProgramData\P1kAlMiG2Kb7Fz moved successfully.
File C:\ProgramData\P1kAlMiG2Kb7Fz.exe not found.
File C:\ProgramData\irVQprUycRbWhE.exe not found.
C:\Windows\System32\korwbrkr.lex moved successfully.
File C:\ProgramData\~P1kAlMiG2Kb7Fzr not found.
File C:\Users\Oma & Opa\Desktop\System Repair.lnk not found.
File C:\ProgramData\~P1kAlMiG2Kb7Fz not found.
File C:\ProgramData\P1kAlMiG2Kb7Fz not found.
File C:\ProgramData\P1kAlMiG2Kb7Fz.exe not found.
File C:\ProgramData\irVQprUycRbWhE.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07272011_131858 |
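The fix log in post #11 can be reconciled mechanically. The following is an added example, not part of the thread and not OTL code: it parses the log's result lines and separates targets that were moved to quarantine from targets that were reported "not found" in every pass. The function names are hypothetical; the log lines are copied from the post.

```python
import re

# Result lines copied from the OTL fix log in post #11 of this thread.
FIX_LOG = r"""========== OTL ==========
C:\ProgramData\~P1kAlMiG2Kb7Fz moved successfully.
C:\ProgramData\~P1kAlMiG2Kb7Fzr moved successfully.
File C:\Users\Oma & Opa\Desktop\System Repair.lnk not found.
C:\ProgramData\P1kAlMiG2Kb7Fz moved successfully.
File C:\ProgramData\P1kAlMiG2Kb7Fz.exe not found.
File C:\ProgramData\irVQprUycRbWhE.exe not found.
C:\Windows\System32\korwbrkr.lex moved successfully.
File C:\ProgramData\~P1kAlMiG2Kb7Fzr not found.
File C:\Users\Oma & Opa\Desktop\System Repair.lnk not found.
File C:\ProgramData\~P1kAlMiG2Kb7Fz not found.
File C:\ProgramData\P1kAlMiG2Kb7Fz not found.
File C:\ProgramData\P1kAlMiG2Kb7Fz.exe not found.
File C:\ProgramData\irVQprUycRbWhE.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# The two result shapes that appear in the log above.
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")
MISSING = re.compile(r"^File (?P<path>[A-Za-z]:\\.+) not found\.$")


def parse_fix_log(text):
    """Return (path, status) tuples in log order; status is 'moved' or 'not_found'.

    Section banners and the 'HOSTS file reset' line match neither pattern
    and are skipped.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = MISSING.match(line)
        if m:
            events.append((m.group("path"), "not_found"))
            continue
        m = MOVED.match(line)
        if m:
            events.append((m.group("path"), "moved"))
    return events


def reconcile(events):
    """Collapse repeated targets into one outcome per path.

    The fix script names most files twice (once from the 'modified' list,
    once from the 'created' list), so a file that was moved on the first
    pass is reported 'not found' on the second. Only paths that were never
    moved are genuinely unaccounted for by this run.
    Windows paths are compared case-insensitively.
    """
    seen = {}
    for path, status in events:
        entry = seen.setdefault(path.lower(), {"path": path, "moved": False})
        if status == "moved":
            entry["moved"] = True
    quarantined = [e["path"] for e in seen.values() if e["moved"]]
    never_found = [e["path"] for e in seen.values() if not e["moved"]]
    return quarantined, never_found


if __name__ == "__main__":
    quarantined, never_found = reconcile(parse_fix_log(FIX_LOG))
    print("Moved by this fix run:")
    for p in quarantined:
        print("  ", p)
    print("Never found in any pass:")
    for p in never_found:
        print("  ", p)
```

Targets in the second list were not moved by this run, so they will not be among the backup copies in the "_OTL" folder and have to be accounted for by other means.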
27.07.2011, 12:28 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan System Repair I need the quarantine folder from OTL. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into one file
3.) Upload the ZIP file you created here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know if it was successful
5.) Only then switch the virus scanner back on
__________________ Please always post log files in CODE tags |
27.07.2011, 12:55 | #13 |
| Trojan System Repair So I zipped it with 7-Zip. I just have one question: the link to the thread in the forum is the one at the very top, isn't it? At least that is the one I entered and sent off. It was confirmed that it had worked, but there is nothing in the forum? |
27.07.2011, 13:25 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan System Repair The file you uploaded is not supposed to appear publicly here, or do you want everyone to be able to look at your malware! Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set up the tool as shown in the picture below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full. If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
27.07.2011, 13:32 | #15 |
| Trojan System Repair Code:
ATTFilter 2011/07/27 14:30:57.0921 2316 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56 2011/07/27 14:30:58.0155 2316 ================================================================================ 2011/07/27 14:30:58.0155 2316 SystemInfo: 2011/07/27 14:30:58.0155 2316 2011/07/27 14:30:58.0155 2316 OS Version: 6.0.6001 ServicePack: 1.0 2011/07/27 14:30:58.0155 2316 Product type: Workstation 2011/07/27 14:30:58.0155 2316 ComputerName: ASPIRE8920 2011/07/27 14:30:58.0155 2316 UserName: Oma & Opa 2011/07/27 14:30:58.0155 2316 Windows directory: C:\Windows 2011/07/27 14:30:58.0155 2316 System windows directory: C:\Windows 2011/07/27 14:30:58.0155 2316 Processor architecture: Intel x86 2011/07/27 14:30:58.0155 2316 Number of processors: 2 2011/07/27 14:30:58.0155 2316 Page size: 0x1000 2011/07/27 14:30:58.0155 2316 Boot type: Normal boot 2011/07/27 14:30:58.0155 2316 ================================================================================ 2011/07/27 14:30:59.0559 2316 Initialize success 2011/07/27 14:31:02.0383 2320 ================================================================================ 2011/07/27 14:31:02.0383 2320 Scan started 2011/07/27 14:31:02.0383 2320 Mode: Manual; 2011/07/27 14:31:02.0383 2320 ================================================================================ 2011/07/27 14:31:03.0365 2320 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys 2011/07/27 14:31:03.0397 2320 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/07/27 14:31:03.0443 2320 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/07/27 14:31:03.0459 2320 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/07/27 14:31:03.0490 2320 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/07/27 14:31:03.0553 2320 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys 
2011/07/27 14:31:03.0615 2320 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys 2011/07/27 14:31:03.0677 2320 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/07/27 14:31:03.0693 2320 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/07/27 14:31:03.0740 2320 AlfaFF (8d59617a9c3dbf4650aa44f4e9215744) C:\Windows\system32\Drivers\AlfaFF.sys 2011/07/27 14:31:03.0787 2320 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/07/27 14:31:03.0818 2320 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/07/27 14:31:03.0818 2320 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/07/27 14:31:03.0865 2320 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/07/27 14:31:03.0880 2320 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/07/27 14:31:03.0927 2320 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/07/27 14:31:03.0974 2320 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/07/27 14:31:04.0005 2320 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/07/27 14:31:04.0021 2320 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys 2011/07/27 14:31:04.0083 2320 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/07/27 14:31:04.0114 2320 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/07/27 14:31:04.0161 2320 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys 2011/07/27 14:31:04.0192 2320 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/07/27 14:31:04.0208 2320 BrFiltUp (56801ad62213a41f6497f96dee83755a) 
C:\Windows\system32\drivers\brfiltup.sys 2011/07/27 14:31:04.0239 2320 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/07/27 14:31:04.0270 2320 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/07/27 14:31:04.0270 2320 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/07/27 14:31:04.0286 2320 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/07/27 14:31:04.0348 2320 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/07/27 14:31:04.0395 2320 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/07/27 14:31:04.0411 2320 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 2011/07/27 14:31:04.0473 2320 BthPort (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys 2011/07/27 14:31:04.0520 2320 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys 2011/07/27 14:31:04.0582 2320 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys 2011/07/27 14:31:04.0613 2320 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys 2011/07/27 14:31:04.0645 2320 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys 2011/07/27 14:31:04.0691 2320 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/07/27 14:31:04.0723 2320 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys 2011/07/27 14:31:04.0754 2320 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 2011/07/27 14:31:04.0785 2320 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys 2011/07/27 14:31:04.0847 2320 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/07/27 14:31:04.0894 2320 cmdide 
(0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/07/27 14:31:04.0894 2320 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/07/27 14:31:04.0925 2320 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/07/27 14:31:04.0957 2320 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/07/27 14:31:05.0003 2320 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys 2011/07/27 14:31:05.0035 2320 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys 2011/07/27 14:31:05.0113 2320 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys 2011/07/27 14:31:05.0159 2320 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 2011/07/27 14:31:05.0253 2320 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys 2011/07/27 14:31:05.0347 2320 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/07/27 14:31:05.0518 2320 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/27 14:31:05.0581 2320 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/07/27 14:31:05.0627 2320 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys 2011/07/27 14:31:05.0674 2320 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/07/27 14:31:05.0705 2320 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/07/27 14:31:05.0737 2320 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys 2011/07/27 14:31:05.0768 2320 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys 2011/07/27 14:31:05.0815 2320 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/27 14:31:05.0846 2320 FileInfo 
(a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/07/27 14:31:05.0893 2320 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/07/27 14:31:05.0908 2320 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/27 14:31:05.0955 2320 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys 2011/07/27 14:31:05.0986 2320 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/27 14:31:06.0002 2320 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys 2011/07/27 14:31:06.0033 2320 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/07/27 14:31:06.0064 2320 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/07/27 14:31:06.0095 2320 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/07/27 14:31:06.0127 2320 HidBth (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\DRIVERS\hidbth.sys 2011/07/27 14:31:06.0158 2320 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 2011/07/27 14:31:06.0205 2320 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys 2011/07/27 14:31:06.0236 2320 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/07/27 14:31:06.0267 2320 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys 2011/07/27 14:31:06.0283 2320 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/07/27 14:31:06.0329 2320 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/07/27 14:31:06.0376 2320 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys 2011/07/27 14:31:06.0407 2320 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 
2011/07/27 14:31:06.0439 2320 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/07/27 14:31:06.0470 2320 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys 2011/07/27 14:31:06.0579 2320 IntcAzAudAddService (92bcc487f16892cda495dbd8160272d9) C:\Windows\system32\drivers\RTKVHDA.sys 2011/07/27 14:31:06.0657 2320 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/07/27 14:31:06.0688 2320 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/07/27 14:31:06.0719 2320 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/07/27 14:31:06.0766 2320 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/07/27 14:31:06.0797 2320 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/07/27 14:31:06.0844 2320 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/07/27 14:31:06.0891 2320 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/07/27 14:31:06.0922 2320 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/07/27 14:31:06.0953 2320 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/07/27 14:31:06.0985 2320 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys 2011/07/27 14:31:07.0016 2320 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/07/27 14:31:07.0047 2320 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/07/27 14:31:07.0063 2320 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/07/27 14:31:07.0109 2320 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/27 14:31:07.0172 2320 L1E (999ff607e8870f3d6106ae93b41c2cd5) 
C:\Windows\system32\DRIVERS\L1E60x86.sys 2011/07/27 14:31:07.0203 2320 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/27 14:31:07.0250 2320 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2011/07/27 14:31:07.0265 2320 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/07/27 14:31:07.0312 2320 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/07/27 14:31:07.0328 2320 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/07/27 14:31:07.0390 2320 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys 2011/07/27 14:31:07.0453 2320 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/07/27 14:31:07.0484 2320 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/07/27 14:31:07.0546 2320 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/07/27 14:31:07.0577 2320 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/07/27 14:31:07.0609 2320 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/07/27 14:31:07.0624 2320 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/27 14:31:07.0655 2320 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/07/27 14:31:07.0687 2320 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/07/27 14:31:07.0718 2320 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/27 14:31:07.0733 2320 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/07/27 14:31:07.0749 2320 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys 2011/07/27 14:31:07.0796 2320 mrxsmb 
(5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/27 14:31:07.0811 2320 mrxsmb10 (cf6e972f8e0d0f2970360a17572b366b) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/27 14:31:07.0827 2320 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/27 14:31:07.0858 2320 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 2011/07/27 14:31:07.0889 2320 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/07/27 14:31:07.0921 2320 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/07/27 14:31:07.0967 2320 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/07/27 14:31:07.0999 2320 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/27 14:31:08.0045 2320 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/27 14:31:08.0061 2320 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/07/27 14:31:08.0092 2320 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys 2011/07/27 14:31:08.0108 2320 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/07/27 14:31:08.0123 2320 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/07/27 14:31:08.0155 2320 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys 2011/07/27 14:31:08.0233 2320 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/27 14:31:08.0311 2320 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys 2011/07/27 14:31:08.0342 2320 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/27 14:31:08.0373 2320 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/27 14:31:08.0404 
2320 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/27 14:31:08.0420 2320 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/07/27 14:31:08.0435 2320 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/27 14:31:08.0467 2320 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/27 14:31:08.0576 2320 NETw4v32 (caaea35dae7f4c19db05481dac22c2ba) C:\Windows\system32\DRIVERS\NETw4v32.sys 2011/07/27 14:31:08.0654 2320 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/07/27 14:31:08.0685 2320 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys 2011/07/27 14:31:08.0701 2320 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/27 14:31:08.0747 2320 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys 2011/07/27 14:31:08.0825 2320 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys 2011/07/27 14:31:08.0935 2320 NTIPPKernel (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys 2011/07/27 14:31:09.0075 2320 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/07/27 14:31:09.0153 2320 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/07/27 14:31:09.0543 2320 nvlddmkm (87a335a444551a432226720d18337ad9) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/07/27 14:31:09.0808 2320 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/07/27 14:31:09.0855 2320 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/07/27 14:31:09.0886 2320 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/07/27 14:31:09.0964 2320 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) 
C:\Windows\system32\drivers\ohci1394.sys 2011/07/27 14:31:10.0027 2320 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/07/27 14:31:10.0042 2320 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys 2011/07/27 14:31:10.0073 2320 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/07/27 14:31:10.0136 2320 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys 2011/07/27 14:31:10.0151 2320 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 2011/07/27 14:31:10.0183 2320 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/07/27 14:31:10.0229 2320 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/07/27 14:31:10.0307 2320 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/27 14:31:10.0339 2320 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2011/07/27 14:31:10.0401 2320 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/27 14:31:10.0417 2320 PSDFilter (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys 2011/07/27 14:31:10.0479 2320 PSDNServ (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys 2011/07/27 14:31:10.0526 2320 psdvdisk (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys 2011/07/27 14:31:10.0573 2320 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2011/07/27 14:31:10.0635 2320 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/07/27 14:31:10.0666 2320 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/27 14:31:10.0697 2320 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/27 14:31:10.0713 2320 Rasl2tp 
(a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/27 14:31:10.0729 2320 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/27 14:31:10.0744 2320 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/27 14:31:10.0807 2320 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/27 14:31:10.0838 2320 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/27 14:31:10.0900 2320 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys 2011/07/27 14:31:10.0916 2320 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/27 14:31:10.0947 2320 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys 2011/07/27 14:31:10.0994 2320 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/07/27 14:31:11.0009 2320 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/27 14:31:11.0041 2320 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/07/27 14:31:11.0103 2320 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/07/27 14:31:11.0150 2320 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/07/27 14:31:11.0165 2320 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/07/27 14:31:11.0181 2320 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/07/27 14:31:11.0212 2320 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 2011/07/27 14:31:11.0228 2320 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2011/07/27 14:31:11.0243 2320 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 2011/07/27 
14:31:11.0259 2320 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/07/27 14:31:11.0290 2320 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2011/07/27 14:31:11.0306 2320 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 2011/07/27 14:31:11.0337 2320 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2011/07/27 14:31:11.0368 2320 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys 2011/07/27 14:31:11.0524 2320 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/07/27 14:31:11.0602 2320 srv (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys 2011/07/27 14:31:11.0665 2320 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/27 14:31:11.0711 2320 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/27 14:31:11.0743 2320 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/07/27 14:31:11.0774 2320 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/07/27 14:31:11.0805 2320 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/07/27 14:31:11.0852 2320 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/07/27 14:31:11.0914 2320 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys 2011/07/27 14:31:12.0008 2320 Tcpip (a6a02ef5b5e40fbd31a1adc577da54bb) C:\Windows\system32\drivers\tcpip.sys 2011/07/27 14:31:12.0055 2320 Tcpip6 (a6a02ef5b5e40fbd31a1adc577da54bb) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/27 14:31:12.0070 2320 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/27 14:31:12.0101 2320 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/07/27 
2011/07/27 14:31:13.0880 2320 ================================================================================
2011/07/27 14:31:13.0880 2320 Scan finished
2011/07/27 14:31:13.0880 2320 ================================================================================
2011/07/27 14:31:13.0880 1292 Detected object count: 0
2011/07/27 14:31:13.0880 1292 Actual detected object count: 0 |