|
Log-Analyse und Auswertung: Problem: zxo.exe, Falsche Weiterverlinkung auf google-ErgebnisseWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
01.08.2011, 21:42 | #1 |
| Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse Hallo, ich hoffe es kann mir Jemand helfen. Zu meinem System: Windows 7, 64-Bit (so steht es in den Eigenschaften von Computer, unter Ausführen-> winver steht es nicht. Ich bin mir aber sicher, dass es ein 64-bit System ist. Ich danke hier schonmal jedem, der sich das hier durchliest und mir Tipps gibt. Vielen Dank! Ich habe gestern eine eindeutig schädliche .exe-Datei ausgeführt. Danach wurde im Hintergrund, das heißt ohne erkennbaren Player eine Audio-Datei abgespielt. Daraufhin habe ich den Task-Manager gestartet und einen verdächtigen Prozess identifiziert. Er hieß zxo.exe. Den habe ich beendet, aber spätestens nach einem Neustart war er wieder da, es kam aber keine Audio-Datei. Daraufhin habe ich den Registrierungs-Editor nach zxo.exe durchsucht und verschiedene Einträge gelöscht: 1) Unter "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Most Recent Applications" habe ich einen Eintrag mit dem Namen "Namen", Typ "REG_SZ" und Daten "zxo.exe" gelöscht. 2) Unter HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing habe ich verschiedene verdächtige Ordner gefunden und gelöscht: zxo_RASAPI32 und zxo_RASAMANCS. Es gab dort auch Ordner, die statt dem "o" in "zxo" ein m, l, j, n und k hatten. Diese habe ich alle gelöscht. Nach mehreren Neustarts und abwarten ist der Prozess zxo.exe oder ein ähnlicher nicht wieder aufgetaucht. Jetzt ist es allerdings so, dass ich trotz Deinstallieren und erneutem Installieren von Firefox und Löschen aller Cookies und Temp-Ordner auf falsche Internetseiten verlinkt werde, wenn ich ein google-Ergebnis anklicke. Das heißt, ich vermute zwei verschiedene Probleme. Beim googlen von zxo.exe habe ich etwas von Backdoor Trojaner gelesen und bin daher sehr besorgt, dass mein PC zur Zeit (immernoch) nicht sicher ist. EDIT: Mir ist eben gerade aufgefallen, dass ich den Windows-Sicherheitscenterdienst nicht aktivieren kann. Es kommt die Fehlermeldung "Windows-Sicherheitscenterdienst kann nicht gestartet werden." Daher habe ich die in der Anleitung empfohlenen Schritte durchgeführt: Defogger Ich habe 2 mal Disable ausgeführt, da ich nicht gemerkt hatte, dass der Defogger bereits ein Logfile auf dem Desktop erstellt hatte. Ich wurde entgegen der Anleitung nicht zu einem Neustart aufegfordert, was mich irritiert hatte. Daher das zweimalige Anklicke auf Disable. OTL Während des Scans kam folgende Windows-Fehlermeldung "OTL.exe Datei ist beschädigt: C:\Windows\Programme\Data\Microsoft\Windows\WER\ReportArchive beschädigt oder nicht lesbar, Führen Sie CHKDSK aus." Der Scan verlief trotzdem ohne Unterbrechung und lieferte folgendes Log: (Name durch *** ersetzt, auch bei Computer-Namen (***-Laptop)OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.08.2011 21:52:52 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\***\Desktop 64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,66% Memory free 5,93 Gb Paging File | 4,72 Gb Available in Paging File | 79,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 53,71 Gb Total Space | 9,17 Gb Free Space | 17,08% Space Free | Partition Type: NTFS Drive D: | 244,28 Gb Total Space | 14,73 Gb Free Space | 6,03% Space Free | Partition Type: NTFS Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.01 21:49:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.07.03 11:08:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.30 16:39:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2010.11.02 14:13:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.05.03 14:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.05.03 14:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.02.04 14:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2009.12.22 03:08:38 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.02 09:57:14 | 001,757,184 | ---- | M] () -- C:\Program Files (x86)\ESRI\License\arcgis9x\ARCGIS.exe PRC - [2008.08.02 09:57:14 | 001,431,440 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe ========== Modules (SafeList) ========== MOD - [2011.08.01 21:49:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.07.03 11:08:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.30 16:39:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2010.09.23 01:25:28 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService) SRV - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.22 03:08:38 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0) SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2008.08.02 09:57:14 | 001,431,440 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.07.03 11:08:57 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.03 11:08:57 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.24 00:25:14 | 000,094,864 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.02.11 17:27:37 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.22 21:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv) DRV:64bit: - [2010.09.22 21:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2010.07.29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb) DRV:64bit: - [2009.10.15 17:23:20 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.08.23 06:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.07.18 00:52:02 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV:64bit: - [2006.04.20 07:22:00 | 000,141,888 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\Sentinel64.sys -- (Sentinel) DRV - [2010.12.30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RKHit.sys -- (RkHit) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 DC E1 73 1A 4E CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.01.20 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.01.20 17:43:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.01 21:42:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.01 21:38:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.10 11:30:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.13 19:25:24 | 000,000,000 | ---D | M] [2010.05.31 22:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.05.31 22:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.08.01 14:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions [2010.05.31 22:06:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.13 12:48:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.07.17 20:19:25 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2011.07.26 11:32:58 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2010.05.31 22:06:15 | 000,000,000 | ---D | M] (GetVideo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{a51dd9d0-56c3-11db-b0de-0800200c9a66} [2011.07.04 20:56:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.31 22:06:15 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.05.31 22:06:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\moveplayer@movenetworks.com [2011.08.01 21:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.06.30 10:04:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.05.31 18:15:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.13 17:17:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} File not found (No name found) -- [2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.19 18:08:58 | 000,001,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Burn4Free DB Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Burn4Free DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Burn4Free DB Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Burn4Free DB Toolbar\tbcore3.dll () O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [pcsafedoctor.exe] C:\Program Files (x86)\PCSafeDoctor\pcsafedoctor.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [8DDYX0ZBPZ] File not found O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.22 23:32:30 | 000,000,000 | ---D | M] - D:\Autogenes Training -- [ NTFS ] O33 - MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\Shell - "" = AutoRun O33 - MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell - "" = AutoRun O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\install\command - "" = F:\SETUP.EXE O33 - MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\Shell - "" = AutoRun O33 - MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.01 21:49:54 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.07.31 20:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSafeDoctor [2011.07.31 20:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSafeDoctor [2011.07.31 16:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.07.31 16:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4WomenOnly [2011.07.31 16:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\4WomenOnlyData [2011.07.31 16:55:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4WomenOnly [2011.07.31 16:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cycle Calculator for Women [2011.07.31 16:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundTells [2011.07.31 16:41:43 | 012,351,329 | ---- | C] (Mutex Developments, Inc. ) -- C:\Users\***\Desktop\4WomenOnlySetup.exe [2011.07.29 20:00:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\projekte [2010.08.12 22:32:16 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe8981.dll [2009.11.25 16:39:30 | 009,311,688 | ---- | C] (Foxit Software) -- C:\Program Files (x86)\Foxit Reader.exe ========== Files - Modified Within 30 Days ========== [2011.08.01 21:49:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.08.01 21:47:03 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.08.01 21:45:48 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2011.08.01 21:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.08.01 21:12:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011.08.01 21:11:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011.08.01 21:04:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.08.01 20:31:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.01 14:59:21 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe [2011.08.01 14:49:46 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.01 14:49:46 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.01 14:42:09 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.08.01 14:41:38 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\Rujuexfdh.job [2011.08.01 14:41:18 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys [2011.08.01 14:41:15 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe [2011.07.31 20:58:29 | 000,000,022 | ---- | M] () -- C:\Windows\tpcsd [2011.07.31 20:02:17 | 000,075,776 | RHS- | M] () -- C:\Windows\SysWow64\imageresl.dll [2011.07.31 16:45:15 | 000,000,022 | ---- | M] () -- C:\Users\***\Desktop\pcalc32_273.zip [2011.07.31 16:42:22 | 012,351,329 | ---- | M] (Mutex Developments, Inc. ) -- C:\Users\***\Desktop\4WomenOnlySetup.exe [2011.07.30 16:04:46 | 000,127,729 | ---- | M] () -- C:\Users\***\Documents\aachen2.png [2011.07.30 16:02:53 | 000,144,962 | ---- | M] () -- C:\Users\***\Documents\aachen.png [2011.07.29 22:16:02 | 000,105,160 | ---- | M] () -- C:\Users\***\Documents\Antrag DGG.pdf [2011.07.29 22:13:43 | 000,043,215 | ---- | M] () -- C:\Users\***\Documents\unterschrift.jpeg Kopie.jpg [2011.07.29 22:11:45 | 000,078,303 | ---- | M] () -- C:\Users\***\Documents\unterschrift.jpeg [2011.07.26 19:35:24 | 000,286,720 | ---- | M] () -- C:\Users\***\Documents\Datenbank4.accdb [2011.07.25 21:13:30 | 000,100,587 | R--- | M] () -- C:\Users\***\Desktop\bescheinigung.PDF [2011.07.13 19:48:22 | 000,201,811 | ---- | M] () -- C:\Users\***\Desktop\chris2.pdf [2011.07.13 19:48:03 | 000,379,006 | ---- | M] () -- C:\Users\***\Desktop\chris.pdf [2011.07.06 19:39:11 | 000,289,687 | ---- | M] () -- C:\Users\***\Desktop\Ganzseitiges Foto.pdf [2011.07.03 11:08:57 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.07.03 11:08:57 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2011.08.01 21:47:03 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.08.01 21:45:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2011.08.01 21:42:12 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.07.31 20:58:29 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd [2011.07.31 20:57:59 | 000,034,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\RKHit.sys [2011.07.31 20:02:27 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011.07.31 20:02:24 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.07.31 20:02:20 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011.07.31 20:02:17 | 000,075,776 | RHS- | C] () -- C:\Windows\SysWow64\imageresl.dll [2011.07.31 20:02:17 | 000,000,314 | -HS- | C] () -- C:\Windows\tasks\Rujuexfdh.job [2011.07.31 16:44:30 | 000,000,022 | ---- | C] () -- C:\Users\***\Desktop\pcalc32_273.zip [2011.07.30 16:04:44 | 000,127,729 | ---- | C] () -- C:\Users\***\Documents\aachen2.png [2011.07.30 16:02:50 | 000,144,962 | ---- | C] () -- C:\Users\***\Documents\aachen.png [2011.07.29 22:16:00 | 000,105,160 | ---- | C] () -- C:\Users\***\Documents\Antrag DGG.pdf [2011.07.29 22:13:42 | 000,043,215 | ---- | C] () -- C:\Users\***\Documents\unterschrift.jpeg Kopie.jpg [2011.07.29 22:12:06 | 000,078,303 | ---- | C] () -- C:\Users\***\Documents\unterschrift.jpeg [2011.07.26 19:34:56 | 000,286,720 | ---- | C] () -- C:\Users\***\Documents\Datenbank4.accdb [2011.07.25 21:13:32 | 000,100,587 | R--- | C] () -- C:\Users\***\Desktop\bescheinigung.PDF [2011.07.13 19:48:22 | 000,201,811 | ---- | C] () -- C:\Users\***\Desktop\chris2.pdf [2011.07.13 19:48:02 | 000,379,006 | ---- | C] () -- C:\Users\***\Desktop\chris.pdf [2011.07.10 11:30:31 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2011.07.06 19:39:09 | 000,289,687 | ---- | C] () -- C:\Users\***\Desktop\Ganzseitiges Foto.pdf [2011.05.29 16:04:34 | 000,207,390 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin [2011.05.18 08:43:59 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{E8AA9A47-EB29-4642-916F-5E7B676FD71A} [2010.12.02 08:43:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2010.08.26 19:04:25 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.08.25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010.08.25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010.08.25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010.06.03 09:43:34 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.05.31 18:04:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.13 21:51:30 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:19:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\msxml6r.dll [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.14 01:37:20 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\winshfhc.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [1997.06.25 15:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll ========== LOP Check ========== [2010.11.27 18:22:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broken Sword 2.5 [2011.01.26 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESRI [2010.08.05 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2011.08.01 21:51:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.06.29 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.10.31 19:05:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM [2011.01.21 01:56:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software [2010.05.31 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.08.01 14:41:38 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\Rujuexfdh.job [2011.05.10 07:40:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.08.01 21:04:03 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.08.01 21:12:03 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011.08.01 21:11:03 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.11.22 12:46:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.05.31 17:03:24 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.04.06 10:13:36 | 000,000,000 | -HSD | M] -- C:\found.000 [2010.11.18 21:11:37 | 000,000,000 | ---D | M] -- C:\Hotspot Shield [2010.11.29 13:42:17 | 000,000,000 | ---D | M] -- C:\Intel [2010.06.01 12:46:37 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2010.11.28 17:10:31 | 000,000,000 | R--D | M] -- C:\Program Files [2011.07.31 20:57:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.07.31 16:55:34 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.05.31 17:03:24 | 000,000,000 | -HSD | M] -- C:\Programme [2010.05.31 17:03:25 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.08.01 21:54:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.06.24 14:51:16 | 000,000,000 | ---D | M] -- C:\Temp [2010.05.31 20:56:20 | 000,000,000 | R--D | M] -- C:\Users [2011.07.31 20:58:29 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2009.11.25 16:39:30 | 009,311,688 | ---- | M] (Foxit Software) -- C:\Program Files (x86)\Foxit Reader.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Files - Unicode (All) ========== [2010.10.15 18:18:17 | 004,869,875 | ---- | C] ()(C:\Users\***\Desktop\Israel Kamakawiwo?ole - Over the Rainbow.mp3) -- C:\Users\***\Desktop\Israel Kamakawiwoʻole - Over the Rainbow.mp3 [2010.10.11 20:19:37 | 004,869,875 | ---- | M] ()(C:\Users\***\Desktop\Israel Kamakawiwo?ole - Over the Rainbow.mp3) -- C:\Users\***\Desktop\Israel Kamakawiwoʻole - Over the Rainbow.mp3 ========== Alternate Data Streams ========== @Alternate Data Stream - 168 bytes -> C:\Users\***\Documents\unterschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:3ED99525 < End of report > Geändert von sheep_one (01.08.2011 um 21:48 Uhr) |
02.08.2011, 10:36 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse Hallo und
__________________Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ |
02.08.2011, 12:09 | #3 |
| Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse Hallo und Danke schonmal für deine Antwort. Das mit dem Malwarebytes-Scan hatte ich vorher nicht bemerkt. Hier der LOG:
__________________Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7353 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 02.08.2011 13:00:44 mbam-log-2011-08-02 (13-00-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 385899 Laufzeit: 1 Stunde(n), 3 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully. Ein paar Anmerkungen noch: 1) Ich habe im Ordner c:\Windows\System32 eine Datei namens rpcnetp.exe, die nach dem Löschen und nach einem Neustart immer wieder da ist. Sie wird immer direkt nach dem Neustart erstellt, daher ist sie mir aufgefallen. 2) Auch in C:\Windows\SysWOW64 taucht nach Löschen und Neustart eine mir unbekannte Datei auf, manchmal rpcnetp.exe oder agremove.exe. Wann welche auftaucht konnte ich bisher nicht rauskriegen. Diese Dateien sind auch immer neu erstellt, auch nach Löschen und Neu starten. 3) Ich habe eigenständig weitere Ordner in der Registrierung gelöscht (ka ob das jetzt so schlau war, aber ich habs halt gemacht) und zwar Folgende: HKEY_CURRENT_USER\Software\8DDYX0ZBPZ (darin wurde im Pfad auf C:\Users\***\AppData\Local\Temp\Zxj.exe verwiesen, deswegen gelöscht) HKEY_CURRENT_USER\Software\NtWqIVLZEWZU HKEY_CURRENT_USER\Software\ZU6RKI1ONY (darin auch wieder die verdächtigen Namen ala zxj, zxn...) Danke nochmal! Ich werde jetzt auch brav auf eine Antwort warten und nichts mehr löschen... |
02.08.2011, 12:37 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten |
02.08.2011, 12:42 | #5 |
| Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse nur noch das hier: Code:
ATTFilter 11:48:04 *** MESSAGE Protection started successfully 11:48:09 *** MESSAGE IP Protection started successfully 13:04:18 *** MESSAGE Protection started successfully 13:04:23 *** MESSAGE IP Protection started successfully edit: *** ist wieder mein name |
02.08.2011, 12:42 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse Führe auch bitte ESET aus, danach sehen wir weiter. ESET Online Scanner
n.
__________________ --> Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse |
02.08.2011, 15:09 | #7 |
| Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse ok, hier das ergebnis Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=d81e600ae45fc247aca231b80ad664d7 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-08-02 01:53:19 # local_time=2011-08-02 03:53:19 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1797 16775165 100 94 252687 48822665 318617 0 # compatibility_mode=5893 16776574 100 94 262165 63915659 0 0 # compatibility_mode=8192 67108863 100 0 200 200 0 0 # scanned=206829 # found=4 # cleaned=0 # scan_time=7390 C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\24ddd997-6c16c119 Java/TrojanDownloader.Agent.NBN trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\HSS-1.52-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\PCSafeDoctor_Setup.exe multiple threats (unable to clean) 00000000000000000000000000000000 I |
02.08.2011, 15:17 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem: zxo.exe, Falsche Weiterverlinkung auf google-ErgebnisseZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
03.08.2011, 08:45 | #9 |
| Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse Das ist ein Programm, das man als Mann wirklich nicht braucht. Das ist eine normale Testversion, daran wirds nicht liegen. Habs gerade mal zur Sicherheit gelöscht, aber es ist wie gesagt nicht die Ursache. |
03.08.2011, 09:31 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse Ich wollte doch nur wissen was das ist, löschen musst das nicht gleich Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.22 23:32:30 | 000,000,000 | ---D | M] - D:\Autogenes Training -- [ NTFS ] O33 - MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\Shell - "" = AutoRun O33 - MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell - "" = AutoRun O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\install\command - "" = F:\SETUP.EXE O33 - MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\Shell - "" = AutoRun O33 - MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true [2011.08.01 14:59:21 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe [2011.07.31 20:58:29 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd [2011.07.31 20:57:59 | 000,034,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\RKHit.sys [2011.07.31 20:02:17 | 000,075,776 | RHS- | C] () -- C:\Windows\SysWow64\imageresl.dll [2011.04.06 10:13:36 | 000,000,000 | -HSD | M] -- C:\found.000 @Alternate Data Stream - 168 bytes -> C:\Users\***\Documents\unterschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:3ED99525 :Files C:\Windows\tasks\*.job :Commands [purity] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
03.08.2011, 16:40 | #11 |
| Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse Ok, habe ich gemacht. Rechner wollte nicht neu starten, hier das log: Code:
ATTFilter ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found. File "G:\WD SmartWare.exe" autoplay=true not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. File F:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. File F:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. File F:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found. File "G:\WD SmartWare.exe" autoplay=true not found. C:\Windows\SysWOW64\agremove.exe moved successfully. C:\Windows\tpcsd moved successfully. File C:\Windows\SysWow64\drivers\RKHit.sys not found. C:\Windows\SysWOW64\imageresl.dll moved successfully. C:\found.000 folder moved successfully. Unable to delete ADS C:\Users\***\Documents\unterschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b . ADS C:\ProgramData\TEMP:3ED99525 deleted successfully. ========== FILES ========== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\tasks\Rujuexfdh.job moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.26.1 log created on 08032011_173534 Danke mal wieder |
03.08.2011, 16:42 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem: zxo.exe, Falsche Weiterverlinkung auf google-ErgebnisseZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
03.08.2011, 16:51 | #13 |
| Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse Alles klar, jetzt hab ichs gesehen. Hier nochmal das neue Ergebnis: Code:
ATTFilter ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found. File "G:\WD SmartWare.exe" autoplay=true not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. File F:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. File F:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found. File F:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found. File "G:\WD SmartWare.exe" autoplay=true not found. File C:\Windows\SysWow64\agremove.exe not found. File C:\Windows\tpcsd not found. File C:\Windows\SysWow64\drivers\RKHit.sys not found. File C:\Windows\SysWow64\imageresl.dll not found. Folder C:\found.000\ not found. Unable to delete ADS C:\Users\Jana\Documents\unterschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b . Unable to delete ADS C:\ProgramData\TEMP:3ED99525 . ========== FILES ========== File\Folder C:\Windows\tasks\*.job not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.26.1 log created on 08032011_174929 |
03.08.2011, 19:51 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse Bitte auch nur sowas editieren wenn wirklich was privates drin steht! Nur der Vorname muss ja nicht sein. Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
03.08.2011, 21:18 | #15 |
| Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse Ja ok, werde es jetzt lassen...bin in letzter Zeit einfach internet vorsichtig geworden. Hier der Log vom TDSS Killer. Code:
ATTFilter 2011/08/03 22:12:15.0227 4016 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11 2011/08/03 22:12:15.0305 4016 ================================================================================ 2011/08/03 22:12:15.0305 4016 SystemInfo: 2011/08/03 22:12:15.0305 4016 2011/08/03 22:12:15.0305 4016 OS Version: 6.1.7601 ServicePack: 1.0 2011/08/03 22:12:15.0305 4016 Product type: Workstation 2011/08/03 22:12:15.0305 4016 ComputerName: JANA-LAPTOP 2011/08/03 22:12:15.0305 4016 UserName: Jana 2011/08/03 22:12:15.0305 4016 Windows directory: C:\Windows 2011/08/03 22:12:15.0305 4016 System windows directory: C:\Windows 2011/08/03 22:12:15.0305 4016 Running under WOW64 2011/08/03 22:12:15.0305 4016 Processor architecture: Intel x64 2011/08/03 22:12:15.0305 4016 Number of processors: 2 2011/08/03 22:12:15.0305 4016 Page size: 0x1000 2011/08/03 22:12:15.0305 4016 Boot type: Normal boot 2011/08/03 22:12:15.0305 4016 ================================================================================ 2011/08/03 22:12:16.0771 4016 Initialize success 2011/08/03 22:12:20.0047 0800 ================================================================================ 2011/08/03 22:12:20.0047 0800 Scan started 2011/08/03 22:12:20.0047 0800 Mode: Manual; 2011/08/03 22:12:20.0047 0800 ================================================================================ 2011/08/03 22:12:21.0529 0800 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 2011/08/03 22:12:21.0732 0800 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 2011/08/03 22:12:21.0903 0800 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 2011/08/03 22:12:21.0997 0800 acsock (0ec911d24f14c969e980e92e4371464d) C:\Windows\system32\DRIVERS\acsock64.sys 2011/08/03 22:12:22.0200 0800 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/08/03 22:12:22.0325 0800 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/08/03 22:12:22.0481 0800 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2011/08/03 22:12:22.0652 0800 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 2011/08/03 22:12:22.0839 0800 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 2011/08/03 22:12:23.0058 0800 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 2011/08/03 22:12:23.0151 0800 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 2011/08/03 22:12:23.0245 0800 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/08/03 22:12:23.0292 0800 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/08/03 22:12:23.0370 0800 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 2011/08/03 22:12:23.0510 0800 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/08/03 22:12:23.0619 0800 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 2011/08/03 22:12:23.0838 0800 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 2011/08/03 22:12:24.0009 0800 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/08/03 22:12:24.0243 0800 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/08/03 22:12:24.0415 0800 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 2011/08/03 22:12:24.0587 0800 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/08/03 22:12:24.0712 0800 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 2011/08/03 22:12:25.0039 0800 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys 2011/08/03 22:12:25.0289 0800 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/08/03 22:12:25.0507 0800 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys 2011/08/03 22:12:25.0616 0800 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/08/03 22:12:25.0694 0800 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/08/03 22:12:25.0882 0800 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/08/03 22:12:26.0225 0800 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/08/03 22:12:26.0365 0800 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 2011/08/03 22:12:26.0443 0800 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/08/03 22:12:26.0490 0800 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/08/03 22:12:26.0646 0800 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/08/03 22:12:26.0833 0800 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/08/03 22:12:27.0005 0800 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/08/03 22:12:27.0067 0800 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/08/03 22:12:27.0130 0800 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/08/03 22:12:27.0317 0800 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/08/03 22:12:27.0473 0800 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 2011/08/03 22:12:27.0707 0800 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/08/03 22:12:27.0878 0800 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/08/03 22:12:28.0190 0800 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/08/03 22:12:28.0378 0800 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 2011/08/03 22:12:28.0518 0800 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 2011/08/03 22:12:28.0705 0800 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/08/03 22:12:28.0783 0800 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 2011/08/03 22:12:28.0861 0800 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/08/03 22:12:28.0986 0800 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 2011/08/03 22:12:29.0111 0800 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 2011/08/03 22:12:29.0314 0800 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/08/03 22:12:29.0423 0800 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/08/03 22:12:29.0641 0800 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/08/03 22:12:29.0938 0800 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 2011/08/03 22:12:30.0421 0800 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/08/03 22:12:30.0874 0800 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys 2011/08/03 22:12:31.0045 0800 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/08/03 22:12:31.0310 0800 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 2011/08/03 22:12:31.0529 0800 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys 2011/08/03 22:12:31.0685 0800 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/08/03 22:12:31.0919 0800 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/08/03 22:12:32.0137 0800 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/08/03 22:12:32.0324 0800 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/08/03 22:12:32.0387 0800 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/08/03 22:12:32.0590 0800 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/08/03 22:12:32.0746 0800 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 2011/08/03 22:12:32.0964 0800 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/08/03 22:12:33.0042 0800 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/08/03 22:12:33.0167 0800 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 2011/08/03 22:12:33.0307 0800 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/08/03 22:12:33.0635 0800 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/08/03 22:12:33.0822 0800 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 2011/08/03 22:12:33.0994 0800 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 2011/08/03 22:12:34.0056 0800 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/08/03 22:12:34.0103 0800 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/08/03 22:12:34.0165 0800 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/08/03 22:12:34.0352 0800 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 2011/08/03 22:12:34.0524 0800 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 2011/08/03 22:12:34.0633 0800 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys 2011/08/03 22:12:35.0054 0800 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 2011/08/03 22:12:35.0351 0800 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 2011/08/03 22:12:35.0460 0800 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 2011/08/03 22:12:35.0600 0800 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 2011/08/03 22:12:36.0224 0800 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys 2011/08/03 22:12:36.0692 0800 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/08/03 22:12:36.0833 0800 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 2011/08/03 22:12:36.0911 0800 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/08/03 22:12:37.0067 0800 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/08/03 22:12:37.0254 0800 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 2011/08/03 22:12:37.0426 0800 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/08/03 22:12:37.0535 0800 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/08/03 22:12:37.0644 0800 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 2011/08/03 22:12:37.0847 0800 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 2011/08/03 22:12:38.0034 0800 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys 2011/08/03 22:12:38.0143 0800 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 2011/08/03 22:12:38.0237 0800 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 2011/08/03 22:12:38.0424 0800 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 2011/08/03 22:12:38.0518 0800 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 2011/08/03 22:12:38.0689 0800 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/08/03 22:12:38.0892 0800 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys 2011/08/03 22:12:39.0095 0800 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/08/03 22:12:39.0313 0800 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/08/03 22:12:39.0469 0800 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/08/03 22:12:39.0594 0800 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/08/03 22:12:39.0703 0800 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/08/03 22:12:39.0922 0800 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/08/03 22:12:40.0078 0800 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys 2011/08/03 22:12:40.0171 0800 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/08/03 22:12:40.0218 0800 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/08/03 22:12:40.0312 0800 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/08/03 22:12:40.0358 0800 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/08/03 22:12:40.0452 0800 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 2011/08/03 22:12:40.0514 0800 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/08/03 22:12:40.0608 0800 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 2011/08/03 22:12:40.0655 0800 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 2011/08/03 22:12:40.0702 0800 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/08/03 22:12:40.0795 0800 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 2011/08/03 22:12:40.0967 0800 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/08/03 22:12:41.0045 0800 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/08/03 22:12:41.0092 0800 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/08/03 22:12:41.0154 0800 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 2011/08/03 22:12:41.0232 0800 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 2011/08/03 22:12:41.0372 0800 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/08/03 22:12:41.0419 0800 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/08/03 22:12:41.0482 0800 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 2011/08/03 22:12:41.0560 0800 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/08/03 22:12:41.0622 0800 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/08/03 22:12:41.0684 0800 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/08/03 22:12:41.0856 0800 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 2011/08/03 22:12:42.0199 0800 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 2011/08/03 22:12:42.0308 0800 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/08/03 22:12:42.0355 0800 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/08/03 22:12:42.0433 0800 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys 2011/08/03 22:12:42.0496 0800 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/08/03 22:12:42.0636 0800 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/08/03 22:12:42.0901 0800 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 2011/08/03 22:12:43.0073 0800 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/08/03 22:12:43.0151 0800 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/08/03 22:12:43.0213 0800 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/08/03 22:12:43.0291 0800 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/08/03 22:12:43.0478 0800 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 2011/08/03 22:12:43.0572 0800 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/08/03 22:12:43.0634 0800 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 2011/08/03 22:12:43.0853 0800 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/08/03 22:12:43.0962 0800 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/08/03 22:12:44.0056 0800 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/08/03 22:12:44.0243 0800 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 2011/08/03 22:12:44.0446 0800 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/08/03 22:12:44.0555 0800 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 2011/08/03 22:12:44.0617 0800 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 2011/08/03 22:12:44.0680 0800 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 2011/08/03 22:12:44.0742 0800 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 2011/08/03 22:12:45.0007 0800 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/08/03 22:12:45.0116 0800 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 2011/08/03 22:12:45.0194 0800 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 2011/08/03 22:12:45.0257 0800 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 2011/08/03 22:12:45.0350 0800 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/08/03 22:12:45.0413 0800 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/08/03 22:12:45.0475 0800 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/08/03 22:12:45.0834 0800 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 2011/08/03 22:12:45.0912 0800 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/08/03 22:12:46.0068 0800 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 2011/08/03 22:12:46.0271 0800 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/08/03 22:12:46.0474 0800 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/08/03 22:12:46.0552 0800 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/08/03 22:12:46.0630 0800 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/08/03 22:12:46.0708 0800 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/08/03 22:12:46.0832 0800 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/08/03 22:12:46.0957 0800 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/08/03 22:12:47.0004 0800 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/08/03 22:12:47.0082 0800 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 2011/08/03 22:12:47.0144 0800 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/08/03 22:12:47.0176 0800 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/08/03 22:12:47.0254 0800 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 2011/08/03 22:12:47.0316 0800 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/08/03 22:12:47.0378 0800 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/08/03 22:12:47.0456 0800 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 2011/08/03 22:12:47.0534 0800 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 2011/08/03 22:12:47.0924 0800 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/08/03 22:12:48.0252 0800 s0016bus (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys 2011/08/03 22:12:48.0346 0800 s0016mdfl (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys 2011/08/03 22:12:48.0424 0800 s0016mdm (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys 2011/08/03 22:12:48.0564 0800 s0016mgmt (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys 2011/08/03 22:12:48.0642 0800 s0016nd5 (30a35bbce09d9fe67482fd62c61911fc) C:\Windows\system32\DRIVERS\s0016nd5.sys 2011/08/03 22:12:48.0736 0800 s0016obex (ca394dcc38579c7ad82e83ee64d798a0) C:\Windows\system32\DRIVERS\s0016obex.sys 2011/08/03 22:12:48.0985 0800 s0016unic (eb267ccea84e6e8598d92f73332ac67b) C:\Windows\system32\DRIVERS\s0016unic.sys 2011/08/03 22:12:49.0110 0800 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 2011/08/03 22:12:49.0188 0800 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 2011/08/03 22:12:49.0266 0800 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 2011/08/03 22:12:49.0344 0800 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/08/03 22:12:49.0453 0800 Sentinel (82215bbed5d37b0c354f0e83fd0c8423) C:\Windows\System32\Drivers\SENTINEL64.SYS 2011/08/03 22:12:49.0516 0800 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/08/03 22:12:49.0562 0800 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/08/03 22:12:49.0640 0800 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/08/03 22:12:49.0796 0800 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 2011/08/03 22:12:49.0874 0800 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 2011/08/03 22:12:49.0921 0800 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 2011/08/03 22:12:50.0062 0800 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/08/03 22:12:50.0186 0800 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/08/03 22:12:50.0296 0800 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/08/03 22:12:50.0374 0800 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/08/03 22:12:50.0654 0800 SNP2UVC (a415c67b40dfb903accc1d40fbee3269) C:\Windows\system32\DRIVERS\snp2uvc.sys 2011/08/03 22:12:50.0795 0800 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/08/03 22:12:50.0982 0800 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 2011/08/03 22:12:51.0169 0800 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 2011/08/03 22:12:51.0232 0800 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 2011/08/03 22:12:51.0325 0800 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/08/03 22:12:51.0434 0800 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 2011/08/03 22:12:51.0497 0800 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 2011/08/03 22:12:51.0544 0800 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 2011/08/03 22:12:51.0637 0800 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys 2011/08/03 22:12:51.0902 0800 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys 2011/08/03 22:12:52.0152 0800 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys 2011/08/03 22:12:52.0558 0800 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 2011/08/03 22:12:52.0901 0800 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/08/03 22:12:53.0026 0800 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/08/03 22:12:53.0150 0800 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 2011/08/03 22:12:53.0228 0800 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 2011/08/03 22:12:53.0338 0800 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/08/03 22:12:53.0416 0800 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 2011/08/03 22:12:53.0509 0800 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 2011/08/03 22:12:53.0634 0800 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/08/03 22:12:53.0728 0800 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 2011/08/03 22:12:53.0977 0800 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 2011/08/03 22:12:54.0055 0800 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 2011/08/03 22:12:54.0118 0800 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/08/03 22:12:54.0211 0800 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys 2011/08/03 22:12:54.0274 0800 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 2011/08/03 22:12:54.0320 0800 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/08/03 22:12:54.0445 0800 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys 2011/08/03 22:12:54.0554 0800 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/08/03 22:12:54.0679 0800 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/08/03 22:12:55.0178 0800 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/08/03 22:12:55.0756 0800 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/08/03 22:12:55.0943 0800 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/08/03 22:12:56.0177 0800 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 2011/08/03 22:12:56.0302 0800 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys 2011/08/03 22:12:56.0380 0800 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 2011/08/03 22:12:56.0458 0800 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/08/03 22:12:56.0520 0800 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/08/03 22:12:56.0629 0800 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 2011/08/03 22:12:56.0770 0800 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 2011/08/03 22:12:56.0941 0800 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 2011/08/03 22:12:57.0019 0800 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 2011/08/03 22:12:57.0097 0800 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 2011/08/03 22:12:57.0175 0800 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 2011/08/03 22:12:57.0238 0800 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 2011/08/03 22:12:57.0378 0800 vpnva (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys 2011/08/03 22:12:57.0472 0800 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/08/03 22:12:57.0518 0800 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/08/03 22:12:57.0628 0800 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/08/03 22:12:57.0690 0800 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/08/03 22:12:57.0768 0800 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/03 22:12:57.0830 0800 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/03 22:12:58.0096 0800 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/08/03 22:12:58.0189 0800 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/08/03 22:12:58.0392 0800 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/08/03 22:12:58.0470 0800 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/08/03 22:12:58.0688 0800 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/08/03 22:12:58.0798 0800 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 2011/08/03 22:12:58.0969 0800 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/08/03 22:12:59.0094 0800 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 2011/08/03 22:12:59.0172 0800 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/08/03 22:12:59.0312 0800 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 2011/08/03 22:12:59.0359 0800 Boot (0x1200) (dd3c55a94a5f229352b715d193f928a3) \Device\Harddisk0\DR0\Partition0 2011/08/03 22:12:59.0406 0800 Boot (0x1200) (4113d57d4b8c3fdd8968a9e49647aa66) \Device\Harddisk0\DR0\Partition1 2011/08/03 22:12:59.0453 0800 Boot (0x1200) (22324d4471870a33fa3cd7196e47603f) \Device\Harddisk0\DR0\Partition2 2011/08/03 22:12:59.0468 0800 ================================================================================ 2011/08/03 22:12:59.0468 0800 Scan finished 2011/08/03 22:12:59.0468 0800 ================================================================================ 2011/08/03 22:12:59.0500 2952 Detected object count: 0 2011/08/03 22:12:59.0500 2952 Actual detected object count: 0 |
Themen zu Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse |
adblock, alternate, antivir, autorun, backdoor, backdoor trojaner, c:\windows\system32\rundll32.exe, calculator, computer, desktop, document, error, explorer, google earth, hijack.zones, hotspot, hotspot shield, langs, logfile, mozilla thunderbird, nicht sicher, plug-in, prozess, registry, software, start menu, trojan.downloader, trojan.fraudpack, trojaner, webcheck, winlogon.exe |