| |
| |||||||
Log-Analyse und Auswertung: Laptop Samsung R700 scrollt einfach nach unten!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.08.2011, 00:15
| #1 |
| |  Laptop Samsung R700 scrollt einfach nach unten! Hallo zusammen mein Laptop scrollt seit einigen Tagen einfach nach unten das das arbeiten einfach unmöglich macht.Hab im Forum die Anweisungen von "Arne" befolgt und poste nun meinen Bericht denn Ich weiss damit sonst nichts anzufangen.Bitte helft Mir wenn es geht bin nur ein armer Lehrling wenig Geld und auf den Laptop angewiesen. --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft® Windows Vista™ Home Premium ( v6.0.6002 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz ) BIOS : Phoenix TrustedCore(tm) NB Service Pack 3B Version 0.00 06SR USER : +++++ ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:111 Go (Free:10 Go) D:\ (Local Disk) - NTFS - Total:110 Go (Free:53 Go) E:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( 04.08.2011| 0:51 ) [ UAC => 1 ] --------------------\\ Ordner Verzeichnis unter Local [18.10.2008|20:03] C:\Users\ANDREA~1\AppData\Local\Adobe [31.03.2009|01:14] C:\Users\ANDREA~1\AppData\Local\Ahead [14.06.2008|20:16] C:\Users\ANDREA~1\AppData\Local\Anwendungsdaten [06.05.2011|20:19] C:\Users\ANDREA~1\AppData\Local\ApplicationHistory [10.01.2010|15:40] C:\Users\ANDREA~1\AppData\Local\ashampoo [06.06.2011|21:17] C:\Users\ANDREA~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [03.01.2009|23:06] C:\Users\ANDREA~1\AppData\Local\DNA [18.06.2008|19:23] C:\Users\ANDREA~1\AppData\Local\fusioncache.dat [24.02.2010|21:05] C:\Users\ANDREA~1\AppData\Local\GDIPFONTCACHEV1.DAT [02.12.2010|13:37] C:\Users\ANDREA~1\AppData\Local\Google [28.07.2011|05:54] C:\Users\ANDREA~1\AppData\Local\IconCache.db [05.12.2008|17:11] C:\Users\ANDREA~1\AppData\Local\LogMeIn [15.11.2010|02:57] C:\Users\ANDREA~1\AppData\Local\Microsoft [19.04.2009|12:04] C:\Users\ANDREA~1\AppData\Local\Microsoft Games [18.11.2010|05:25] C:\Users\ANDREA~1\AppData\Local\Microsoft Help [18.07.2011|13:25] C:\Users\ANDREA~1\AppData\Local\PokerStars [09.12.2008|19:00] C:\Users\ANDREA~1\AppData\Local\PunkBuster [04.08.2011|00:50] C:\Users\ANDREA~1\AppData\Local\temp [14.06.2008|20:16] C:\Users\ANDREA~1\AppData\Local\Temporary Internet Files [14.06.2008|20:16] C:\Users\ANDREA~1\AppData\Local\Verlauf [19.06.2008|17:57] C:\Users\ANDREA~1\AppData\Local\VirtualStore [4|Datei(en),] C:\Users\ANDREA~1\AppData\Local\Bytes [19|Verzeichnis(se),] C:\Users\ANDREA~1\AppData\Local\Bytes frei --------------------\\ Geplante Aufgaben unter C:\Windows\Tasks [03.08.2011 16:02][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [04.08.2011 00:01][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [04.08.2011 00:01][--ah-----] C:\Windows\tasks\SA.DAT [03.08.2011 16:16][--a------] C:\Windows\tasks\SCHEDLGU.TXT --------------------\\ Ordner Verzeichnis unter C:\ProgramData [29.12.2007|04:28] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [25.11.2008|16:21] C:\ProgramData\Adobe [14.06.2008|20:12] C:\ProgramData\Anwendungsdaten [02.11.2006|15:02] C:\ProgramData\Application Data [10.01.2010|15:40] C:\ProgramData\ashampoo [28.05.2011|18:52] C:\ProgramData\AVAST Software [09.12.2008|15:30] C:\ProgramData\CyberLink [02.11.2006|15:02] C:\ProgramData\Desktop [02.11.2006|15:02] C:\ProgramData\Documents [14.06.2008|20:12] C:\ProgramData\Dokumente [30.06.2010|21:40] C:\ProgramData\ezsidmv.dat [14.06.2008|20:12] C:\ProgramData\Favoriten [02.11.2006|15:02] C:\ProgramData\Favorites [05.03.2010|09:37] C:\ProgramData\Google [04.01.2009|00:25] C:\ProgramData\LightScribe [05.12.2008|17:11] C:\ProgramData\LogMeIn [29.05.2011|19:30] C:\ProgramData\Malwarebytes [10.12.2010|15:25] C:\ProgramData\McAfee [12.01.2011|00:24] C:\ProgramData\MGS [15.06.2008|21:17] C:\ProgramData\Microsoft [04.02.2011|18:06] C:\ProgramData\Microsoft Help [29.12.2007|03:14] C:\ProgramData\Movie [03.01.2009|23:39] C:\ProgramData\Nero [30.12.2008|18:28] C:\ProgramData\NVIDIA [30.06.2010|21:27] C:\ProgramData\Skype [02.11.2006|15:02] C:\ProgramData\Start Menu [14.06.2008|20:12] C:\ProgramData\Startmenü [20.04.2010|16:30] C:\ProgramData\Sun [02.11.2006|15:02] C:\ProgramData\Templates [14.06.2008|20:12] C:\ProgramData\Vorlagen [1|Datei(en),] C:\ProgramData\Bytes [31|Verzeichnis(se),] C:\ProgramData\Bytes frei --------------------\\ Ordner Verzeichnis unter C:\Program Files [29.12.2007|04:28] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites [25.11.2008|16:22] C:\Program Files\Adobe [02.12.2009|16:32] C:\Program Files\AGEIA Technologies [03.01.2009|23:53] C:\Program Files\ANNO1602 [06.07.2010|16:02] C:\Program Files\AQUIP [28.05.2011|18:52] C:\Program Files\AVAST Software [28.05.2011|17:51] C:\Program Files\Common Files [28.01.2011|04:33] C:\Program Files\Conduit [28.01.2011|04:53] C:\Program Files\ConduitEngine [29.12.2007|03:04] C:\Program Files\CyberLink [02.07.2008|10:09] C:\Program Files\directx [20.02.2009|11:22] C:\Program Files\DNA [10.10.2008|15:38] C:\Program Files\Drakensang [14.06.2008|20:12] C:\Program Files\Gemeinsame Dateien [C:\Program Files\Common Files] [05.03.2010|09:38] C:\Program Files\Google [06.07.2010|16:02] C:\Program Files\InstallShield Installation Information [29.12.2007|02:56] C:\Program Files\Intel [17.06.2011|10:23] C:\Program Files\Internet Explorer [27.12.2010|01:56] C:\Program Files\Java [17.12.2010|19:13] C:\Program Files\Jens Lorek [13.12.2008|01:51] C:\Program Files\LogMeIn [29.05.2011|19:30] C:\Program Files\Malwarebytes' Anti-Malware [02.11.2006|14:37] C:\Program Files\Microsoft Games [29.12.2007|04:32] C:\Program Files\Microsoft Office [10.01.2010|15:39] C:\Program Files\Microsoft Silverlight [29.12.2007|04:32] C:\Program Files\Microsoft Small Business [29.12.2007|04:30] C:\Program Files\Microsoft SQL Server [29.12.2007|04:26] C:\Program Files\Microsoft Visual Studio [29.12.2007|04:26] C:\Program Files\Microsoft Works [28.06.2010|09:22] C:\Program Files\Microsoft.NET [09.10.2009|19:22] C:\Program Files\Mobile Partner Manager [14.08.2010|22:24] C:\Program Files\Movie Maker [02.11.2006|14:37] C:\Program Files\MSBuild [10.01.2010|15:39] C:\Program Files\MSN [29.12.2007|03:08] C:\Program Files\MSSOAP [04.01.2009|13:31] C:\Program Files\MSXML 4.0 [03.01.2009|23:39] C:\Program Files\Nero [03.01.2009|23:45] C:\Program Files\NeroInstall.bak [21.01.2011|19:53] C:\Program Files\ProtectDisc Driver Installer [29.12.2007|02:51] C:\Program Files\Realtek [02.11.2006|14:37] C:\Program Files\Reference Assemblies [29.12.2007|04:35] C:\Program Files\Samsung [30.06.2010|21:28] C:\Program Files\Skype [28.01.2011|04:53] C:\Program Files\softonic-de3 [06.05.2011|20:19] C:\Program Files\Starcraft [27.07.2011|14:10] C:\Program Files\Steam [28.07.2008|01:27] C:\Program Files\Sun [29.12.2007|02:53] C:\Program Files\Synaptics [11.09.2009|21:35] C:\Program Files\T-Online [21.03.2010|22:54] C:\Program Files\Uniblue [02.11.2006|15:01] C:\Program Files\Uninstall Information [09.01.2010|21:33] C:\Program Files\VideoLAN [23.01.2009|21:18] C:\Program Files\Warcraft III [23.01.2009|21:19] C:\Program Files\WC3 [29.12.2007|02:54] C:\Program Files\WIDCOMM [26.12.2009|10:21] C:\Program Files\Windows Calendar [26.12.2009|10:21] C:\Program Files\Windows Collaboration [26.12.2009|10:21] C:\Program Files\Windows Defender [26.12.2009|10:21] C:\Program Files\Windows Journal [17.06.2011|10:00] C:\Program Files\Windows Mail [14.10.2010|03:14] C:\Program Files\Windows Media Player [14.06.2008|20:12] C:\Program Files\Windows NT [26.12.2009|10:21] C:\Program Files\Windows Photo Gallery [27.12.2009|12:02] C:\Program Files\Windows Portable Devices [28.05.2011|18:52] C:\Program Files\Windows Sidebar [03.01.2009|22:48] C:\Program Files\WinRAR [0|Datei(en),] C:\Program Files\Bytes [68|Verzeichnis(se),] C:\Program Files\Bytes frei --------------------\\ Ordner Verzeichnis unter C:\Program Files\Common Files [25.11.2008|16:21] C:\Program Files\Common Files\Adobe [29.12.2007|04:26] C:\Program Files\Common Files\DESIGNER [28.06.2010|23:18] C:\Program Files\Common Files\DVDVideoSoft [29.12.2007|03:06] C:\Program Files\Common Files\InstallShield [01.12.2010|15:54] C:\Program Files\Common Files\Java [29.12.2007|03:01] C:\Program Files\Common Files\LightScribe [11.09.2009|21:37] C:\Program Files\Common Files\Marmiko Shared [28.01.2011|05:55] C:\Program Files\Common Files\microsoft shared [29.12.2007|03:08] C:\Program Files\Common Files\MSSoap [11.09.2009|21:36] C:\Program Files\Common Files\Nero [02.11.2006|13:18] C:\Program Files\Common Files\Services [30.06.2010|21:27] C:\Program Files\Common Files\Skype [02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines [14.07.2011|15:30] C:\Program Files\Common Files\Steam [26.12.2009|10:21] C:\Program Files\Common Files\System [11.01.2010|13:37] C:\Program Files\Common Files\Wise Installation Wizard [0|Datei(en),] C:\Program Files\Common Files\Bytes [18|Verzeichnis(se),] C:\Program Files\Common Files\Bytes frei --------------------\\ Process ( 62 Processes ) iexplore.exe ~ [PID:844] iexplore.exe ~ [PID:4580] --------------------\\ Ueberpruefung mit S_Lop Kein Lop Ordner gefunden ! --------------------\\ Suche nach Lop Dateien - Ordnern C:\Users\ANDREA~1\AppData\Roaming\MICROS~1\Windows\Cookies\+++++++_+++++@partypoker[1].txt C:\Users\ANDREA~1\AppData\Roaming\MICROS~1\Windows\Cookies\+++++++_+++++@partypoker[1].txt --------------------\\ Suche innerhalb der Registry ..... OK ! --------------------\\ Ueberpruefung der Hosts Datei Hosts Datei SAUBER --------------------\\ Suche nach verborgenen Dateien mit Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-08-04 00:51:25 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... C:\Users\ANDREA~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N46X9DYU\cm[1].htm C:\Users\ANDREA~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N46X9DYU\grey-16[1] C:\Users\ANDREA~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUUHPYWR\logo[2] scan completed successfully hidden processes: 0 hidden files: 3 --------------------\\ Suche nach anderen Infektionen Kein anderen Infektionen gefunden ! [F:567][D:102]-> C:\Users\ANDREA~1\AppData\Local\Temp [F:1014][D:1]-> C:\Users\ANDREA~1\AppData\Roaming\MICROS~1\Windows\Cookies [F:638][D:4]-> C:\Users\ANDREA~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:6][D:3]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - 04.08.2011| 0:55 - Option : [1] --------------------\\ Scan beendet um 0:55:43 [ UAC => 1 ] Vielen Dank im voraus für die Mühe und hoffentlich Hilfe die IHR mir geben könnt das alles wieder gut wird! Gruss Kaschbber81 Geändert von Kaschbber81 (04.08.2011 um 00:24 Uhr) Grund: Realname |
|
04.08.2011, 11:51
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Laptop Samsung R700 scrollt einfach nach unten! Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL-Custom: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
06.08.2011, 18:22
| #3 |
| | Laptop Samsung R700 scrollt einfach nach unten! Malwarebytes Logdatei:
__________________Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7392 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 06.08.2011 18:02:07 mbam-log-2011-08-06 (18-02-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 400596 Laufzeit: 1 Stunde(n), 58 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\challengev2 (PUP.Casino.Gen) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\andreas busch\downloads\challengev2.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully. c:\microgaming\Casino\challengecasino\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully. OTL.Txt - Editor:OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.08.2011 18:52:27 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Andreas Busch\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,51% Memory free 6,20 Gb Paging File | 5,31 Gb Available in Paging File | 85,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,88 Gb Total Space | 7,78 Gb Free Space | 6,96% Space Free | Partition Type: NTFS Drive D: | 111,00 Gb Total Space | 53,27 Gb Free Space | 47,99% Space Free | Partition Type: NTFS Computer Name: ANDREASBUSCH-PC | User Name: Andreas Busch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.06 18:46:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Busch\Desktop\OTL.exe PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2010.12.10 15:26:09 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.10.17 09:28:08 | 000,692,224 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2007.09.05 06:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007.08.07 07:04:38 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2007.06.29 01:15:06 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe ========== Modules (SafeList) ========== MOD - [2011.08.06 18:46:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Busch\Desktop\OTL.exe MOD - [2011.07.04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.13 16:06:26 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2008.10.16 21:35:28 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2008.07.24 19:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.06.28 11:54:42 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2006.10.05 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2008.11.18 17:26:40 | 000,103,552 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtstusbser.sys -- (gtstusbser) DRV - [2008.10.16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.07.24 19:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo) DRV - [2008.07.24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2007.10.31 18:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.10.24 22:33:00 | 007,629,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.12.22 09:13:06 | 000,231,040 | ---- | M] (A/WLAN-1) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW23B.sys -- (MRV6X32U) DRV - [2006.11.29 02:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.14 02:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R) DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Andreas Busch\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Andreas Busch\Program Files\DNA [2011.05.06 20:19:36 | 000,000,000 | ---D | M] O1 HOSTS File: ([2011.05.28 17:23:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: NvSvc - hkey= - key= - File not found MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.clmp3enc - C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM (CyberLink Corp.) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.06 18:46:49 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas Busch\Desktop\OTL.exe [2011.08.04 00:46:42 | 000,000,000 | ---D | C] -- C:\Lop SD [2011.07.20 22:50:28 | 000,000,000 | ---D | C] -- C:\Users\Andreas Busch\4.0 [2006.11.25 00:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.25 00:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll ========== Files - Modified Within 30 Days ========== [2011.08.06 18:46:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Busch\Desktop\OTL.exe [2011.08.06 18:36:19 | 000,028,599 | ---- | M] () -- C:\Users\Andreas Busch\AppData\Roaming\nvModes.001 [2011.08.06 18:03:35 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.08.06 18:03:23 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.06 18:03:23 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.06 18:03:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.06 18:03:10 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2011.08.06 18:02:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.08.06 17:03:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.08.06 13:49:33 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.22 03:24:58 | 175,867,591 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.07.16 14:20:11 | 000,002,533 | ---- | M] () -- C:\Users\Andreas Busch\Desktop\TubeBox! starten.lnk [2011.07.13 20:55:47 | 000,376,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.12 13:29:02 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011.07.11 21:19:58 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000DA4.LCS ========== Files Created - No Company Name ========== [2011.05.28 16:46:56 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.28 16:46:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.28 16:46:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.28 16:46:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.28 16:46:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.12.01 15:44:47 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.06.30 21:40:13 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.09 19:23:17 | 000,000,962 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI [2009.08.08 00:35:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.08 00:35:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.01.21 15:39:00 | 003,912,794 | ---- | C] () -- C:\Users\Andreas Busch\AppData\Roaming\UserTile.png [2008.12.31 04:01:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.30 21:41:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.06.18 19:23:44 | 000,000,101 | ---- | C] () -- C:\Users\Andreas Busch\AppData\Local\fusioncache.dat [2008.06.16 14:47:06 | 000,028,599 | ---- | C] () -- C:\Users\Andreas Busch\AppData\Roaming\nvModes.001 [2008.06.16 14:38:27 | 000,028,599 | ---- | C] () -- C:\Users\Andreas Busch\AppData\Roaming\nvModes.dat [2008.06.16 11:42:56 | 000,088,576 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2008.06.14 20:18:51 | 000,169,472 | ---- | C] () -- C:\Users\Andreas Busch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.29 04:35:39 | 000,377,856 | ---- | C] () -- C:\Windows\System32\SetAutoConsole.exe [2007.12.29 03:52:19 | 000,221,184 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2007.12.29 02:57:47 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2007.12.29 02:57:47 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2007.12.29 02:44:31 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.12.29 02:37:14 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.12.29 02:37:14 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.12.29 02:37:13 | 000,695,718 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.12.29 02:37:13 | 000,154,194 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.12.29 02:30:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.09.05 05:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat [2007.02.16 02:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll [2006.11.30 03:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe [2006.11.30 03:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll [2006.11.16 12:43:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,376,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,651,032 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,125,282 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.09 20:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll [2001.11.14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2010.01.10 16:05:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Ashampoo [2011.05.28 18:45:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\BitTorrent [2011.05.06 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\DAEMON Tools [2011.05.06 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\DNA [2009.01.21 15:39:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\PeerNetworking [2011.05.06 20:19:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\ProtectDisc [2008.06.18 19:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\T-Online [2010.12.17 19:32:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\TubeBox [2010.03.21 22:54:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Uniblue [2011.08.06 18:02:27 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.10.18 20:03:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Adobe [2010.01.10 16:05:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Ashampoo [2011.05.28 18:45:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\BitTorrent [2009.08.08 03:05:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\CyberLink [2011.05.06 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\DAEMON Tools [2011.05.06 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\DNA [2011.05.06 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\dvdcss [2008.06.16 20:22:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Google [2008.06.14 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Identities [2010.07.06 16:02:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\InstallShield [2008.06.15 21:18:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Macromedia [2011.05.29 19:34:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Media Center Programs [2011.01.28 02:01:46 | 000,000,000 | --SD | M] -- C:\Users\Andreas Busch\AppData\Roaming\Microsoft [2011.04.23 14:49:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Mozilla [2011.04.23 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Mozilla-Cache [2009.01.03 23:42:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Nero [2009.01.21 15:39:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\PeerNetworking [2011.05.06 20:19:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\ProtectDisc [2011.06.16 15:28:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Skype [2011.06.16 10:37:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\skypePM [2008.06.18 19:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\T-Online [2010.12.17 19:32:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\TubeBox [2010.03.21 22:54:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\Uniblue [2011.06.06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\vlc [2009.01.03 23:19:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas Busch\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.02.04 19:20:30 | 000,034,494 | R--- | M] () -- C:\Users\Andreas Busch\AppData\Roaming\Microsoft\Installer\{62733593-6322-4C89-8B50-F714305A4DC6}\_6FEFF9B68218417F98F549.exe [2011.06.23 01:56:41 | 000,034,494 | R--- | M] () -- C:\Users\Andreas Busch\AppData\Roaming\Microsoft\Installer\{7223945A-F037-4AE1-92F9-BA8304F0E21A}\_6FEFF9B68218417F98F549.exe [2011.06.23 01:56:41 | 000,355,574 | R--- | M] () -- C:\Users\Andreas Busch\AppData\Roaming\Microsoft\Installer\{7223945A-F037-4AE1-92F9-BA8304F0E21A}\_9F2F62027183467A0C563B.exe [2011.06.23 01:56:41 | 000,010,134 | R--- | M] () -- C:\Users\Andreas Busch\AppData\Roaming\Microsoft\Installer\{7223945A-F037-4AE1-92F9-BA8304F0E21A}\_BDF84734F5F8C3AB80EEE4.exe [2011.06.23 01:56:41 | 000,080,992 | R--- | M] () -- C:\Users\Andreas Busch\AppData\Roaming\Microsoft\Installer\{7223945A-F037-4AE1-92F9-BA8304F0E21A}\_E47F3FDD865364D00002E7.exe [2011.06.23 01:56:41 | 000,355,574 | R--- | M] () -- C:\Users\Andreas Busch\AppData\Roaming\Microsoft\Installer\{7223945A-F037-4AE1-92F9-BA8304F0E21A}\_FA0309973578E9928005B5.exe [2010.12.17 19:13:44 | 000,034,494 | R--- | M] () -- C:\Users\Andreas Busch\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe [2011.03.30 02:08:12 | 000,034,494 | R--- | M] () -- C:\Users\Andreas Busch\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007.12.29 03:56:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2007.12.29 03:57:49 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2007.12.29 03:57:49 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2007.12.29 03:57:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2007.12.29 03:56:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2007.12.29 03:56:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2007.12.29 04:15:57 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=1DEEDE62051F7245FB0010E995E4A6FC -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b0f802d7\atapi.sys [2007.12.29 04:15:57 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=1DEEDE62051F7245FB0010E995E4A6FC -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20541_none_dbb1430d3da06c42\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.12.29 03:58:56 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2007.12.29 04:14:52 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2007.12.29 04:14:52 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2007.12.29 03:58:56 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2007.12.29 03:58:56 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys [2008.06.18 08:09:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.06.18 08:09:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.06.18 08:09:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.06.18 08:09:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.12.29 03:18:17 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2007.12.29 03:18:17 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
08.08.2011, 09:05
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Laptop Samsung R700 scrollt einfach nach unten! Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu Laptop Samsung R700 scrollt einfach nach unten! |
| administrator, appdata, avast, bios, boot, cpu, dateien, desktop, dvd, forum, free, geld, gmer, home, iexplore.exe, installation, internet, laptop, local disk, office, ordner, scan, start, start menu, suche, windows |
Textbox.
.
Linear-Darstellung
