| |
| |||||||
Log-Analyse und Auswertung: Google leitet mich auf falsche Seiten umWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
17.10.2011, 07:46
| #1 |
| |  Google leitet mich auf falsche Seiten um Hallo liebe Leute, ich bin neu hier und suche Hilfe für meinen Web Browser. Wie im Thema beschrieben, kann ich beim Internet Explorer und auch beim Morzilla, über Google eswas suchen und bekomme auch korrekte Suchergebnisse angezeigt. Wähle ich dann ein Ergebnis an, werde ich auf Seiten umgeleitet, welche ich nie gewählt habe und auch nicht zum Suchergebnis gehören. Das ganze beginnt mit einer IP Adresse 64.111.199.245 und anschließender Umleitung. Habe Kaspersky Internet Security 2012 auf dem System. Das Programm kann aber nichts finden und meldet mir das System als sauber. Ich hoffe hier im Forum auf Hilfe und habe mal mein Logfile kopiert: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:42:47, on 17.10.2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe C:\Razer\Lachesis\razerhid.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Razer\Lachesis\OSD.exe C:\Kaspersky Internet Security 2012\avp.exe C:\Razer\Lachesis\razertra.exe C:\Razer\Lachesis\razerofa.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webcountdown.de/?a=unyRQMR&k=xjJd R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Kaspersky Internet Security 2012\ievkbd.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Kaspersky Internet Security 2012\klwtbbho.dll O4 - HKLM\..\Run: [Lachesis] C:\Razer\Lachesis\razerhid.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Kaspersky Internet Security 2012\avp.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: add to &BOM - C:\\BIET-O~1\\\\AddToBOM.hta O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Kaspersky Internet Security 2012\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Kaspersky Internet Security 2012\ievkbd.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Kaspersky Internet Security 2012\klwtbbho.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{76189226-7e47-4fea-9698-40f40b14fae5}: NameServer = 62.109.123.197 213.191.74.19 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Kaspersky Internet Security 2012\avp.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Nero 9\Nero BackItUp 4\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12146 bytes Schon mal vielen Dank Meik |
|
17.10.2011, 11:04
| #2 |
| | Google leitet mich auf falsche Seiten um Hallo liebe Leute,
__________________ich habe gelesen, dass HijackThis Files hier nicht gebraucht werden können und möchte mich gleich entschuldigen, dass ich hier voreilig gepostet habe. nun habe ich die Anleitung abgearbeitet: Schritt 1 läuft bei mir ins Leere, da Defogger zwar schreibt "finish" aber der Inhalt der Datei ist nicht wirklich dolle: defogger_disable by jpshortstuff (23.02.10.1) Log created at 11:50 on 17/10/2011 (Meik Shepard) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Habe dann mit Schritt 2 weiter gemacht und OTL nach Anweisung eingesetzt. Hier habe ich aber nur eine LOG Datei bekommen, welche hier folgt. OTL hat keine EXTRA.txt generiert.OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.10.2011 11:42:56 - Run 3 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Meik Shepard\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,72% Memory free 15,99 Gb Paging File | 14,20 Gb Available in Paging File | 88,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 863,00 Gb Total Space | 607,98 Gb Free Space | 70,45% Space Free | Partition Type: NTFS Drive D: | 999,92 Gb Total Space | 731,97 Gb Free Space | 73,20% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 880,67 Gb Free Space | 94,54% Space Free | Partition Type: NTFS Computer Name: MEIKSHEPARD-PC | User Name: Meik Shepard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Users\Meik Shepard\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Razer\Lachesis\razerhid.exe () PRC - C:\Razer\Lachesis\razertra.exe () PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Nero 9\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.) PRC - C:\Razer\Lachesis\OSD.exe (razercfg MFC Application) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Razer\Lachesis\razerofa.exe (Razer Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Meik Shepard\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (lmab_device) -- C:\Windows\SysNative\LMabcoms.exe ( ) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AVP) -- C:\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (lmab_device) -- C:\Windows\SysWow64\LMabcoms.exe ( ) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (PLFlash DeviceIoControl Service) -- C:\Nero 9\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (ip100Avista) -- C:\Windows\SysNative\drivers\ipfnd51.sys (IC Plus Corp. ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webcountdown.de/?a=unyRQMR&k=xjJd IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 0A B0 73 8B 7A CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.374 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.441 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:12.0.0.441 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Meik Shepard\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Meik Shepard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.12.22 16:44:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.10.07 07:34:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011.10.07 07:34:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011.10.07 07:34:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Mozilla Firefox\components [2011.09.14 08:13:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011.09.14 08:13:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Mozilla Firefox\components [2011.09.14 08:13:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011.09.14 08:13:36 | 000,000,000 | ---D | M] [2010.11.02 16:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meik Shepard\AppData\Roaming\mozilla\Extensions [2010.11.03 19:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meik Shepard\AppData\Roaming\mozilla\Firefox\Profiles\vzjx8mj7.default\extensions [2011.10.07 07:34:44 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\KASPERSKY INTERNET SECURITY 2012\FFEXT\KAVANTIBANNER@KASPERSKY.RU [2011.10.07 07:34:44 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\KASPERSKY INTERNET SECURITY 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU [2011.06.13 12:24:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.05.18 18:09:12 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.05.20 07:45:20 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.24 09:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.09.28 18:21:57 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU [2010.12.22 16:44:14 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC O1 HOSTS File: ([2011.07.28 16:51:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVP] C:\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Lachesis] C:\Razer\Lachesis\razerhid.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: add to &BOM - C:\\BIET-O~1\\\\AddToBOM.hta () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: add to &BOM - C:\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package) O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2444B140-7EE5-4811-2C8B-D5BBBFA19084} - Offline Browsing Pack ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {AEB4D6F1-4AC8-7159-8CD0-FDB36C013EAF} - Internet Explorer ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk - C:\BlackBerry\DesktopMgr.exe - (Research In Motion Limited) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk - C:\WISO\Sparbuch 2010\meinsparbuchheute.exe - () MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= - C:\CloneCD\CloneCDTray.exe (SlySoft, Inc.) MsConfig:64bit - StartUpReg: Corel File Shell Monitor - hkey= - key= - C:\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe () MsConfig:64bit - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.) MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) MsConfig:64bit - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe () MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Nero 9\Nero BackItUp 4\NBKeyScan.exe (Nero AG) MsConfig:64bit - StartUpReg: PC Suite Tray - hkey= - key= - C:\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.10.12 18:22:00 | 000,000,000 | ---D | C] -- C:\Users\Meik Shepard\Desktop\bootbios [2011.10.12 17:54:08 | 000,000,000 | ---D | C] -- C:\Users\Meik Shepard\Desktop\LAN Treiber [2011.10.12 17:49:12 | 000,000,000 | ---D | C] -- C:\Users\Meik Shepard\Desktop\Chipset Update [2011.10.12 17:47:55 | 000,000,000 | ---D | C] -- C:\Users\Meik Shepard\Desktop\BIOS Update [2011.10.11 20:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2011.10.11 20:49:08 | 000,000,000 | ---D | C] -- C:\WinSCP [2011.10.11 20:02:09 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Users\Meik Shepard\Desktop\putty.exe [2011.10.10 12:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Synetic [2011.10.10 12:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobra 11 - Burning Wheels [2011.10.09 17:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt [2011.09.28 18:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 [2011.09.28 18:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.09.28 18:20:58 | 000,000,000 | ---D | C] -- C:\Kaspersky Internet Security 2012 [2011.09.28 18:20:49 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2011.09.28 18:14:18 | 145,454,840 | ---- | C] (Kaspersky Lab) -- C:\Users\Meik Shepard\Desktop\kis12.0.0.374de.exe [2011.09.25 14:50:43 | 000,000,000 | ---D | C] -- C:\Windows\de [2011.09.25 14:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2011.09.25 14:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2011.09.25 14:46:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.09.25 14:43:38 | 000,000,000 | ---D | C] -- C:\Users\Meik Shepard\AppData\Local\Windows Live [2011.09.25 14:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2010.11.02 20:24:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Meik Shepard\AppData\Roaming\pcouffin.sys [2010.11.02 16:02:19 | 001,044,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabserv.dll [2010.11.02 16:02:19 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomc.dll [2010.11.02 16:02:19 | 000,593,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcoms.exe [2010.11.02 16:02:19 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomm.dll [2010.11.02 16:02:19 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabhcp.dll [2010.07.07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2010.07.07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.10.17 11:31:17 | 000,000,000 | ---- | M] () -- C:\Users\Meik Shepard\defogger_reenable [2011.10.17 11:29:31 | 000,050,477 | ---- | M] () -- C:\Users\Meik Shepard\Desktop\Defogger.exe [2011.10.17 10:48:44 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.17 10:48:44 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.17 10:47:52 | 000,062,662 | ---- | M] () -- C:\Users\Meik Shepard\Desktop\301661_165562766867276_100002406600041_303473_124357284_n.jpg [2011.10.17 10:45:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.10.17 10:41:42 | 000,000,443 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2011.10.17 10:40:48 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.10.17 10:40:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.17 10:40:31 | 2145,947,647 | -HS- | M] () -- C:\hiberfil.sys [2011.10.17 09:18:34 | 000,061,852 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.17 09:18:34 | 000,061,852 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.17 09:18:34 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.16 14:27:13 | 001,964,971 | ---- | M] () -- C:\Users\Meik Shepard\Desktop\Neue Robe^^.png [2011.10.14 15:01:40 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.10.14 08:24:55 | 001,473,378 | ---- | M] () -- C:\Users\Meik Shepard\Desktop\Hutt.png [2011.10.14 08:24:27 | 001,123,789 | ---- | M] () -- C:\Users\Meik Shepard\Desktop\Agent.png [2011.10.14 08:24:00 | 001,637,261 | ---- | M] () -- C:\Users\Meik Shepard\Desktop\Lichtschwert und Gefährte.png [2011.10.12 18:05:29 | 001,527,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.10.12 18:05:29 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.10.12 18:05:29 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.10.12 18:05:29 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.10.12 18:05:29 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.12 14:56:07 | 000,062,280 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.12 14:56:07 | 000,062,280 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.12 14:56:07 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.12 12:49:36 | 000,334,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.12 09:31:32 | 000,000,600 | ---- | M] () -- C:\Users\Meik Shepard\AppData\Roaming\winscp.rnd [2011.10.12 09:30:22 | 000,000,600 | ---- | M] () -- C:\Users\Meik Shepard\AppData\Local\PUTTY.RND [2011.10.11 20:49:09 | 000,001,416 | ---- | M] () -- C:\Users\Meik Shepard\Desktop\WinSCP.lnk [2011.10.11 20:02:09 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Meik Shepard\Desktop\putty.exe [2011.10.10 12:53:06 | 000,000,650 | ---- | M] () -- C:\Users\Public\Desktop\Cobra 11 - Burning Wheels spielen.lnk [2011.10.04 07:28:00 | 500,911,535 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.09.28 18:37:46 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2011.09.28 18:37:45 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2011.09.28 18:21:37 | 001,793,984 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2011.09.28 18:20:49 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2011.09.28 18:18:16 | 145,454,840 | ---- | M] (Kaspersky Lab) -- C:\Users\Meik Shepard\Desktop\kis12.0.0.374de.exe [2011.09.25 14:49:17 | 000,000,020 | ---- | M] () -- C:\Windows\œ÷i [2011.09.23 16:23:10 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2011.09.23 16:23:09 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.17 11:31:17 | 000,000,000 | ---- | C] () -- C:\Users\Meik Shepard\defogger_reenable [2011.10.17 11:29:31 | 000,050,477 | ---- | C] () -- C:\Users\Meik Shepard\Desktop\Defogger.exe [2011.10.17 10:47:51 | 000,062,662 | ---- | C] () -- C:\Users\Meik Shepard\Desktop\301661_165562766867276_100002406600041_303473_124357284_n.jpg [2011.10.16 14:25:45 | 001,964,971 | ---- | C] () -- C:\Users\Meik Shepard\Desktop\Neue Robe^^.png [2011.10.14 08:21:04 | 001,123,789 | ---- | C] () -- C:\Users\Meik Shepard\Desktop\Agent.png [2011.10.14 08:20:59 | 001,473,378 | ---- | C] () -- C:\Users\Meik Shepard\Desktop\Hutt.png [2011.10.14 08:20:54 | 001,637,261 | ---- | C] () -- C:\Users\Meik Shepard\Desktop\Lichtschwert und Gefährte.png [2011.10.12 15:21:16 | 000,061,852 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.12 15:21:16 | 000,061,852 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.12 15:21:16 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.11 20:59:22 | 000,000,600 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Local\PUTTY.RND [2011.10.11 20:49:14 | 000,000,600 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Roaming\winscp.rnd [2011.10.11 20:49:09 | 000,001,416 | ---- | C] () -- C:\Users\Meik Shepard\Desktop\WinSCP.lnk [2011.10.10 12:53:06 | 000,000,650 | ---- | C] () -- C:\Users\Public\Desktop\Cobra 11 - Burning Wheels spielen.lnk [2011.10.04 07:28:00 | 500,911,535 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.09.28 18:22:02 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2011.09.28 18:22:02 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2011.09.25 14:49:54 | 000,001,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2011.09.25 14:49:33 | 000,001,382 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2011.09.25 14:49:17 | 000,000,020 | ---- | C] () -- C:\Windows\œ÷i [2011.08.17 11:25:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0852.old [2011.08.14 16:19:10 | 000,017,408 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Local\WebpageIcons.db [2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.07.15 08:13:25 | 000,064,000 | RHS- | C] () -- C:\Windows\SysWow64\d3dx9_309.dll [2011.06.10 08:57:29 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.30 16:19:57 | 000,000,622 | ---- | C] () -- C:\Windows\wiso.ini [2011.03.14 09:06:44 | 000,016,384 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.26 17:31:16 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.02.26 17:31:16 | 000,000,088 | RHS- | C] () -- C:\ProgramData\AE6F64A075.sys [2011.02.25 18:21:17 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll [2011.02.25 18:21:17 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll [2011.01.04 17:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.01.04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.01.04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.01.04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.11.26 21:46:45 | 000,001,041 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Roaming\vso_ts_preview.xml [2010.11.26 21:29:49 | 000,000,130 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Roaming\default.rss [2010.11.04 21:18:42 | 000,000,100 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Local\fusioncache.dat [2010.11.04 21:18:08 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.02 21:37:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.02 20:24:09 | 000,099,384 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Roaming\inst.exe [2010.11.02 20:24:09 | 000,007,859 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Roaming\pcouffin.cat [2010.11.02 20:24:09 | 000,001,167 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Roaming\pcouffin.inf [2010.11.02 20:18:25 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2010.11.02 19:46:42 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.02 15:34:39 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.11.02 15:34:39 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.11.02 15:08:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.11.02 14:31:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.11.02 14:31:25 | 000,029,596 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.07.07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2010.07.07 14:23:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2010.07.07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2010.07.07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2010.07.07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2010.07.07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.07.01 03:12:32 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011.01.06 12:21:51 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Blackberry Desktop [2011.03.30 16:20:31 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Buhl Data Service [2011.06.10 08:57:40 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\CAD-KAS [2010.11.18 09:45:50 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\elsterformular [2011.07.29 16:55:22 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\ESET [2011.07.27 11:26:54 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\go [2011.01.14 11:49:34 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\IrfanView [2011.07.01 08:23:32 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\LPECommon [2011.05.03 14:40:01 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\NewSoft [2010.12.22 16:49:37 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Nokia [2011.06.06 14:05:42 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Opera [2010.12.22 16:46:37 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\PC Suite [2010.11.02 15:26:30 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Razer [2011.01.06 12:11:35 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Research In Motion [2011.03.23 16:05:25 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\RIFT [2011.03.11 18:41:35 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Samsung [2011.09.18 20:01:21 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Tropico 3 [2011.09.14 18:53:51 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Tropico3 [2010.11.27 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Vso [2011.09.28 18:21:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.08.11 14:21:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.01.28 08:31:41 | 000,000,000 | ---D | M] -- C:\AOL 9.0 VR [2010.11.26 09:46:01 | 000,000,000 | ---D | M] -- C:\AVSMediaPlayer [2011.08.22 13:46:45 | 000,000,000 | ---D | M] -- C:\Biet-O-Matic [2011.01.06 12:50:59 | 000,000,000 | ---D | M] -- C:\BlackBerry [2011.08.11 13:05:48 | 000,000,000 | ---D | M] -- C:\Canon [2010.11.02 20:19:26 | 000,000,000 | ---D | M] -- C:\Carrera [2011.10.14 15:26:44 | 000,000,000 | ---D | M] -- C:\CloneCD [2010.11.02 20:03:49 | 000,000,000 | ---D | M] -- C:\CloneDVD2 [2011.08.17 10:13:56 | 000,000,000 | ---D | M] -- C:\Comodo Downloader [2011.08.18 09:15:41 | 000,000,000 | ---D | M] -- C:\COMODO Internet Security [2011.02.26 17:30:48 | 000,000,000 | ---D | M] -- C:\Corel Paint Shop Pro Photo X2 [2011.02.26 17:28:53 | 000,000,000 | ---D | M] -- C:\Corel Paint Shop Pro Photo X2 - Installation Files [2010.11.02 17:05:37 | 000,000,000 | ---D | M] -- C:\Creative [2010.11.29 21:34:56 | 000,000,000 | ---D | M] -- C:\Das Böse unter der Sonne [2011.08.16 19:43:22 | 000,000,000 | ---D | M] -- C:\Digicam [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.11.02 14:27:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.02.24 19:43:40 | 000,000,000 | ---D | M] -- C:\Downloads [2011.09.10 13:22:12 | 000,000,000 | ---D | M] -- C:\DVD Shrink DE [2011.10.09 17:51:54 | 000,000,000 | ---D | M] -- C:\DVDFab 8 [2010.11.18 09:45:42 | 000,000,000 | ---D | M] -- C:\ElsterFormular [2010.11.02 20:29:37 | 000,000,000 | ---D | M] -- C:\EVEREST Ultimate Edition [2011.02.26 18:05:25 | 000,000,000 | ---D | M] -- C:\FBBM [2010.11.27 12:10:59 | 000,000,000 | ---D | M] -- C:\Free DVD Video Converter [2010.11.02 14:32:16 | 000,000,000 | ---D | M] -- C:\Intel [2011.01.14 11:49:34 | 000,000,000 | ---D | M] -- C:\IrfanView [2010.11.02 16:30:08 | 000,000,000 | ---D | M] -- C:\jv16 PowerTools 2009 [2010.11.02 17:08:12 | 000,000,000 | ---D | M] -- C:\jv16 PowerTools 2010 [2011.10.07 17:53:03 | 000,000,000 | ---D | M] -- C:\Kaspersky Internet Security 2012 [2011.02.25 18:05:57 | 000,000,000 | ---D | M] -- C:\lexmark [2011.08.23 18:47:04 | 000,000,000 | ---D | M] -- C:\Lustiges [2010.11.02 15:08:03 | 000,000,000 | ---D | M] -- C:\Microsoft Office [2011.10.15 11:37:49 | 000,000,000 | ---D | M] -- C:\Mozilla Firefox [2010.11.02 21:14:03 | 000,000,000 | ---D | M] -- C:\Nero 9 [2010.12.22 16:44:14 | 000,000,000 | ---D | M] -- C:\Nokia [2010.11.02 14:48:48 | 000,000,000 | ---D | M] -- C:\NVIDIA [2010.11.11 09:14:01 | 000,000,000 | ---D | M] -- C:\NVIDIA Corporation [2011.06.10 10:30:08 | 000,000,000 | ---D | M] -- C:\PDF Editor 3 [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.08.30 20:58:24 | 000,000,000 | R--D | M] -- C:\Program Files [2011.09.25 14:49:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.10.10 12:53:07 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.11.02 14:27:18 | 000,000,000 | -HSD | M] -- C:\Programme [2010.11.02 14:35:45 | 000,000,000 | ---D | M] -- C:\RaidTool [2010.11.02 15:23:42 | 000,000,000 | ---D | M] -- C:\Razer [2010.11.02 14:27:19 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.08.18 09:19:33 | 000,000,000 | ---D | M] -- C:\Security Task Manager [2010.11.02 19:46:09 | 000,000,000 | ---D | M] -- C:\SlySoft [2011.08.15 07:41:15 | 000,000,000 | ---D | M] -- C:\Spybot - Search & Destroy [2011.09.29 07:15:21 | 000,000,000 | ---D | M] -- C:\Spyware Doctor [2011.07.04 10:35:27 | 000,000,000 | ---D | M] -- C:\SWGEmu [2011.10.17 11:43:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.08.26 17:22:08 | 000,000,000 | ---D | M] -- C:\temp [2011.09.12 08:26:29 | 000,000,000 | R--D | M] -- C:\Users [2010.11.26 21:46:21 | 000,000,000 | ---D | M] -- C:\VSO [2011.10.17 10:40:25 | 000,000,000 | ---D | M] -- C:\Windows [2011.10.11 20:49:09 | 000,000,000 | ---D | M] -- C:\WinSCP [2011.03.30 16:13:26 | 000,000,000 | ---D | M] -- C:\WISO [2011.07.28 16:51:13 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > Schritt 3 sollte auf einem 64 Bit System ja nicht durchgeführt werden. So ich hoffe, dass ich nun alles richtig gemacht habe und entschuldige mich nochmal für das Posten der HijackThis Log. Nette Grüße Meik |
|
17.10.2011, 15:17
| #3 |
| /// Malware-holic   | Google leitet mich auf falsche Seiten um hi
__________________combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ |
|
17.10.2011, 16:15
| #4 |
| | Google leitet mich auf falsche Seiten um Hallo Markus, ich habe Combofix laufen lassen und nun diese riesige Datei bekommen: Combofix Logfile: Code:
ATTFilter ComboFix 11-10-17.01 - Meik Shepard 17.10.2011 16:54:16.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8190.6602 [GMT 2:00]
ausgeführt von:: c:\users\Meik Shepard\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Meik Shepard\AppData\Roaming\inst.exe
c:\users\Meik Shepard\AppData\Roaming\vso_ts_preview.xml
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
E:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-09-17 bis 2011-10-17 ))))))))))))))))))))))))))))))
.
.
2011-10-12 10:44 . 2011-09-01 05:35 174368 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-10-12 08:53 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 08:53 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 08:53 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 08:53 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 08:53 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 08:53 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 08:53 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 08:53 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 08:53 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 18:49 . 2011-10-11 18:49 -------- d-----w- C:\WinSCP
2011-10-10 10:53 . 2011-10-10 10:53 -------- d-----w- c:\programdata\Synetic
2011-09-28 16:20 . 2011-10-17 15:00 -------- d-----w- c:\programdata\Kaspersky Lab
2011-09-28 16:20 . 2011-10-07 15:53 -------- d-----w- C:\Kaspersky Internet Security 2012
2011-09-25 12:50 . 2011-09-25 12:50 -------- d-----w- c:\windows\de
2011-09-25 12:49 . 2011-09-25 12:49 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-25 12:46 . 2011-09-25 12:49 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-25 12:46 . 2011-09-25 12:46 -------- d-----w- c:\windows\PCHEALTH
2011-09-25 12:43 . 2011-09-25 12:43 -------- d-----w- c:\users\Meik Shepard\AppData\Local\Windows Live
2011-09-25 12:43 . 2011-09-25 12:43 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-09-23 14:23 . 2011-08-08 17:44 809560 ----a-r- c:\windows\SysWow64\tmp5DAA.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-25 12:46 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-23 14:23 . 2010-11-02 13:34 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-23 14:23 . 2010-11-02 13:34 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-08-11 12:12 . 2011-02-26 15:31 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2011-08-11 12:12 . 2011-02-26 15:31 88 --sh--r- c:\programdata\AE6F64A075.sys
2011-08-08 17:44 . 2011-08-08 17:44 809560 ----a-r- c:\windows\SysWow64\tmp5D7A.tmp
2011-08-03 11:50 . 2011-09-12 06:26 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-08-03 11:50 . 2011-09-12 06:25 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-09-12 06:25 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-09-12 06:25 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-09-12 06:25 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-09-12 06:25 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-09-12 06:25 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-09-12 06:25 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-09-12 06:25 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-09-12 06:25 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-12 06:25 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-12 06:25 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-09-12 06:25 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-09-12 06:25 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-09-12 06:25 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-09-12 06:25 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-09-12 06:25 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-02-23 06:28 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-02-23 06:28 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2010-11-02 12:49 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 11:50 . 2010-11-02 12:49 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 11:50 . 2010-11-02 12:49 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2010-10-16 12:13 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2010-10-16 12:13 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2010-10-16 12:13 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2010-10-16 12:13 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2010-10-16 12:13 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2010-10-16 12:13 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-07-22 17:09 . 2011-07-22 17:09 277096 ----a-w- c:\windows\system32\drivers\nvstusb.sys
2011-07-21 07:04 . 2011-07-21 07:04 388096 ----a-r- c:\users\Meik Shepard\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lachesis"="c:\razer\Lachesis\razerhid.exe" [2009-11-10 248320]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"AVP"="c:\kaspersky internet security 2012\avp.exe" [2011-04-24 202296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\microsoft office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-02 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-02 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-11-02 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-04 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 ip100Avista;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 16:05]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 16:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2007-04-11 26704]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.webcountdown.de/?a=unyRQMR&k=xjJd
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: add to &BOM - c:\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft &Excel exportieren - c:\micros~1\Office10\EXCEL.EXE/3000
TCP: Interfaces\{76189226-7e47-4fea-9698-40f40b14fae5}: NameServer = 213.191.92.87 62.109.123.6
FF - ProfilePath - c:\users\Meik Shepard\AppData\Roaming\Mozilla\Firefox\Profiles\vzjx8mj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru_bak2 - c:\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru - c:\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Anti-Banner: KavAntiBanner@kaspersky.ru_bak2 - c:\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\kaspersky internet security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\kaspersky internet security 2012\FFExt\linkfilter@kaspersky.ru
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\kaspersky internet security 2012\FFExt\KavAntiBanner@Kaspersky.ru
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-GTA2 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1079964734-2200216475-1980935928-1001\Software\SecuROM\License information*]
"datasecu"=hex:3a,6d,71,8e,01,b2,40,a1,14,05,29,4c,10,68,ab,51,ef,f2,5b,c6,6a,
35,2e,7a,3b,0e,ad,f2,96,08,4d,3c,a5,bf,b8,c0,0b,38,3c,94,93,67,be,0e,96,05,\
"rkeysecu"=hex:40,40,24,7f,48,8f,46,2b,4d,a1,e8,fb,f8,8f,8f,f4
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\nero 9\Nero BackItUp 4\IoctlSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-17 17:06:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-10-17 15:06
.
Vor Suchlauf: 54 Verzeichnis(se), 652.408.102.912 Bytes frei
Nach Suchlauf: 57 Verzeichnis(se), 652.858.376.192 Bytes frei
.
- - End Of File - - BC10256293AAF3828CE16ADAF6C0AA0C
Ich hoffe, dass ich alles richtig gemacht habe. Nette Grüße Meik |
|
17.10.2011, 16:25
| #5 |
| /// Malware-holic | Google leitet mich auf falsche Seiten um malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.10.2011, 18:24
| #6 |
| | Google leitet mich auf falsche Seiten um Hallo Markus, hier das Logfile von Malewarebite: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7965 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 17.10.2011 19:20:46 mbam-log-2011-10-17 (19-20-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 369701 Laufzeit: 35 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Gruß Meik |
|
17.10.2011, 18:56
| #7 |
| /// Malware-holic | Google leitet mich auf falsche Seiten um wird noch umgeleitet? wenn ja zu ner bestimmten seite?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.10.2011, 06:28
| #8 |
| | Google leitet mich auf falsche Seiten um Leider wird immer noch umgeleitet. Es beginnt mit einer folgender IP: 64.111.199.245 anschließend lande ich dann auf immer verschiedenen Seiten. Erst die IP Adresse, dann zb. diese Seite als Ziel: hxxp://www.balagana.net/ Mal kommt es vor, das eine bekannte Webseite folgendes Ergebnis zeigt  ie Webseite kann nicht angezeigt werdenOder es erscheint die IP, dann kurz Ringtonpartner und dann endet die Reise auf : hxxp://minisites.mypengo.com/Default.aspx?networkid=324&siteid=17686044&uc=12101831124_1dc9c3_51_80_4e9d0d41_5d82dfaf_0_0 Es ist halt immer mal eine andere Seite, auf die ich komme. Klicke ich während der Umleitung auf den Zurück Pfeil und klicke erneut das Suchergebnis an, kommt ne andere Seite, wiederhole ich den Vorgang, komme ich meist zur gewünschten Seite Gruß Meik |
|
18.10.2011, 12:52
| #9 |
| /// Malware-holic | Google leitet mich auf falsche Seiten um nutze mal den tdss killer,log posten http://www.trojaner-board.de/82358-t...entfernen.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.10.2011, 16:37
| #10 |
| | Google leitet mich auf falsche Seiten um Auch dieses Programm hat nichts gefunden, hier das Logfile vom TDSS Killer: 17:29:48.0004 5956 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23 17:29:48.0234 5956 ============================================================ 17:29:48.0234 5956 Current date / time: 2011/10/18 17:29:48.0234 17:29:48.0234 5956 SystemInfo: 17:29:48.0234 5956 17:29:48.0234 5956 OS Version: 6.1.7601 ServicePack: 1.0 17:29:48.0234 5956 Product type: Workstation 17:29:48.0234 5956 ComputerName: MEIKSHEPARD-PC 17:29:48.0234 5956 UserName: Meik Shepard 17:29:48.0234 5956 Windows directory: C:\Windows 17:29:48.0234 5956 System windows directory: C:\Windows 17:29:48.0234 5956 Running under WOW64 17:29:48.0234 5956 Processor architecture: Intel x64 17:29:48.0234 5956 Number of processors: 8 17:29:48.0234 5956 Page size: 0x1000 17:29:48.0234 5956 Boot type: Normal boot 17:29:48.0234 5956 ============================================================ 17:29:54.0745 5956 Initialize success 17:30:03.0686 6028 ============================================================ 17:30:03.0686 6028 Scan started 17:30:03.0686 6028 Mode: Manual; 17:30:03.0686 6028 ============================================================ 17:30:04.0786 6028 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 17:30:04.0796 6028 1394ohci - ok 17:30:04.0836 6028 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 17:30:04.0846 6028 ACPI - ok 17:30:04.0866 6028 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 17:30:04.0876 6028 AcpiPmi - ok 17:30:04.0926 6028 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 17:30:04.0926 6028 adp94xx - ok 17:30:04.0956 6028 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 17:30:04.0956 6028 adpahci - ok 17:30:04.0986 6028 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 17:30:04.0986 6028 adpu320 - ok 17:30:05.0066 6028 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 17:30:05.0076 6028 AFD - ok 17:30:05.0106 6028 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 17:30:05.0106 6028 agp440 - ok 17:30:05.0136 6028 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 17:30:05.0136 6028 aliide - ok 17:30:05.0156 6028 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 17:30:05.0166 6028 amdide - ok 17:30:05.0176 6028 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 17:30:05.0176 6028 AmdK8 - ok 17:30:05.0196 6028 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 17:30:05.0196 6028 AmdPPM - ok 17:30:05.0256 6028 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 17:30:05.0266 6028 amdsata - ok 17:30:05.0286 6028 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 17:30:05.0306 6028 amdsbs - ok 17:30:05.0356 6028 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 17:30:05.0356 6028 amdxata - ok 17:30:05.0396 6028 AnyDVD (aa10a90af32ba0682820a51fbc4ace90) C:\Windows\system32\Drivers\AnyDVD.sys 17:30:05.0416 6028 AnyDVD - ok 17:30:05.0456 6028 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 17:30:05.0456 6028 AppID - ok 17:30:05.0506 6028 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 17:30:05.0516 6028 arc - ok 17:30:05.0536 6028 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 17:30:05.0546 6028 arcsas - ok 17:30:05.0586 6028 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 17:30:05.0586 6028 AsyncMac - ok 17:30:05.0636 6028 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 17:30:05.0636 6028 atapi - ok 17:30:05.0736 6028 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 17:30:05.0746 6028 b06bdrv - ok 17:30:05.0766 6028 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 17:30:05.0776 6028 b57nd60a - ok 17:30:05.0816 6028 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 17:30:05.0816 6028 Beep - ok 17:30:05.0896 6028 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 17:30:05.0896 6028 blbdrive - ok 17:30:05.0946 6028 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 17:30:05.0956 6028 bowser - ok 17:30:05.0966 6028 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:30:05.0966 6028 BrFiltLo - ok 17:30:05.0976 6028 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:30:05.0976 6028 BrFiltUp - ok 17:30:06.0016 6028 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 17:30:06.0016 6028 Brserid - ok 17:30:06.0026 6028 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 17:30:06.0036 6028 BrSerWdm - ok 17:30:06.0046 6028 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 17:30:06.0046 6028 BrUsbMdm - ok 17:30:06.0056 6028 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 17:30:06.0056 6028 BrUsbSer - ok 17:30:06.0066 6028 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 17:30:06.0076 6028 BTHMODEM - ok 17:30:06.0246 6028 catchme - ok 17:30:06.0276 6028 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 17:30:06.0276 6028 cdfs - ok 17:30:06.0316 6028 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 17:30:06.0316 6028 cdrom - ok 17:30:06.0336 6028 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 17:30:06.0336 6028 circlass - ok 17:30:06.0366 6028 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 17:30:06.0366 6028 CLFS - ok 17:30:06.0456 6028 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 17:30:06.0456 6028 CmBatt - ok 17:30:06.0486 6028 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 17:30:06.0486 6028 cmdide - ok 17:30:06.0536 6028 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 17:30:06.0546 6028 CNG - ok 17:30:06.0566 6028 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 17:30:06.0576 6028 Compbatt - ok 17:30:06.0616 6028 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 17:30:06.0626 6028 CompositeBus - ok 17:30:06.0666 6028 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 17:30:06.0666 6028 crcdisk - ok 17:30:06.0766 6028 CT20XUT (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS 17:30:06.0776 6028 CT20XUT - ok 17:30:06.0796 6028 CT20XUT.SYS (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS 17:30:06.0796 6028 CT20XUT.SYS - ok 17:30:06.0836 6028 ctac32k (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys 17:30:06.0866 6028 ctac32k - ok 17:30:06.0896 6028 ctaud2k (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys 17:30:06.0906 6028 ctaud2k - ok 17:30:06.0956 6028 CTEXFIFX (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS 17:30:06.0976 6028 CTEXFIFX - ok 17:30:06.0996 6028 CTEXFIFX.SYS (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS 17:30:07.0006 6028 CTEXFIFX.SYS - ok 17:30:07.0026 6028 CTHWIUT (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS 17:30:07.0026 6028 CTHWIUT - ok 17:30:07.0036 6028 CTHWIUT.SYS (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS 17:30:07.0036 6028 CTHWIUT.SYS - ok 17:30:07.0066 6028 ctprxy2k (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys 17:30:07.0066 6028 ctprxy2k - ok 17:30:07.0096 6028 ctsfm2k (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys 17:30:07.0106 6028 ctsfm2k - ok 17:30:07.0186 6028 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 17:30:07.0186 6028 DfsC - ok 17:30:07.0216 6028 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 17:30:07.0216 6028 discache - ok 17:30:07.0256 6028 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 17:30:07.0256 6028 Disk - ok 17:30:07.0306 6028 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 17:30:07.0316 6028 drmkaud - ok 17:30:07.0356 6028 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 17:30:07.0366 6028 DXGKrnl - ok 17:30:07.0466 6028 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 17:30:07.0496 6028 ebdrv - ok 17:30:07.0596 6028 ElbyCDFL (9387a484d31209d7fc3f795a787294db) C:\Windows\system32\Drivers\ElbyCDFL.sys 17:30:07.0596 6028 ElbyCDFL - ok 17:30:07.0656 6028 ElbyCDIO (65e0ec00c209d4f2618f8ff0dd4ea444) C:\Windows\system32\Drivers\ElbyCDIO.sys 17:30:07.0656 6028 ElbyCDIO - ok 17:30:07.0696 6028 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 17:30:07.0706 6028 elxstor - ok 17:30:07.0736 6028 emupia (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys 17:30:07.0736 6028 emupia - ok 17:30:07.0776 6028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 17:30:07.0776 6028 ErrDev - ok 17:30:07.0796 6028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 17:30:07.0806 6028 exfat - ok 17:30:07.0846 6028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 17:30:07.0846 6028 fastfat - ok 17:30:07.0886 6028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 17:30:07.0886 6028 fdc - ok 17:30:07.0916 6028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 17:30:07.0916 6028 FileInfo - ok 17:30:07.0936 6028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 17:30:07.0946 6028 Filetrace - ok 17:30:07.0956 6028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 17:30:07.0956 6028 flpydisk - ok 17:30:08.0016 6028 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 17:30:08.0026 6028 FltMgr - ok 17:30:08.0076 6028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 17:30:08.0076 6028 FsDepends - ok 17:30:08.0096 6028 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 17:30:08.0106 6028 Fs_Rec - ok 17:30:08.0136 6028 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 17:30:08.0146 6028 fvevol - ok 17:30:08.0156 6028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 17:30:08.0156 6028 gagp30kx - ok 17:30:08.0166 6028 GMSIPCI - ok 17:30:08.0256 6028 ha20x22k (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys 17:30:08.0276 6028 ha20x22k - ok 17:30:08.0316 6028 ha20x2k (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys 17:30:08.0326 6028 ha20x2k - ok 17:30:08.0346 6028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 17:30:08.0346 6028 hcw85cir - ok 17:30:08.0406 6028 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 17:30:08.0426 6028 HdAudAddService - ok 17:30:08.0456 6028 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 17:30:08.0456 6028 HDAudBus - ok 17:30:08.0506 6028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 17:30:08.0506 6028 HidBatt - ok 17:30:08.0516 6028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 17:30:08.0516 6028 HidBth - ok 17:30:08.0546 6028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 17:30:08.0546 6028 HidIr - ok 17:30:08.0566 6028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 17:30:08.0566 6028 HidUsb - ok 17:30:08.0596 6028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 17:30:08.0596 6028 HpSAMD - ok 17:30:08.0646 6028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 17:30:08.0656 6028 HTTP - ok 17:30:08.0686 6028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 17:30:08.0686 6028 hwpolicy - ok 17:30:08.0726 6028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 17:30:08.0726 6028 i8042prt - ok 17:30:08.0806 6028 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys 17:30:08.0806 6028 iaStor - ok 17:30:08.0846 6028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 17:30:08.0856 6028 iaStorV - ok 17:30:08.0886 6028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 17:30:08.0886 6028 iirsp - ok 17:30:08.0916 6028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 17:30:08.0926 6028 intelide - ok 17:30:08.0946 6028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 17:30:08.0946 6028 intelppm - ok 17:30:08.0986 6028 ip100Avista (733f61bc6995212518386812ce6fd40d) C:\Windows\system32\DRIVERS\ipfnd51.sys 17:30:08.0986 6028 ip100Avista - ok 17:30:09.0036 6028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:30:09.0036 6028 IpFilterDriver - ok 17:30:09.0056 6028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 17:30:09.0056 6028 IPMIDRV - ok 17:30:09.0076 6028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 17:30:09.0076 6028 IPNAT - ok 17:30:09.0096 6028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 17:30:09.0096 6028 IRENUM - ok 17:30:09.0136 6028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 17:30:09.0136 6028 isapnp - ok 17:30:09.0156 6028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 17:30:09.0156 6028 iScsiPrt - ok 17:30:09.0196 6028 JRAID (6ebe4832b1a7c063fdf87035afc1e3dc) C:\Windows\system32\DRIVERS\jraid.sys 17:30:09.0206 6028 JRAID - ok 17:30:09.0226 6028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 17:30:09.0246 6028 kbdclass - ok 17:30:09.0256 6028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 17:30:09.0266 6028 kbdhid - ok 17:30:09.0346 6028 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys 17:30:09.0346 6028 KL1 - ok 17:30:09.0386 6028 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys 17:30:09.0386 6028 kl2 - ok 17:30:09.0436 6028 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys 17:30:09.0436 6028 KLIF - ok 17:30:09.0466 6028 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys 17:30:09.0466 6028 KLIM6 - ok 17:30:09.0476 6028 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys 17:30:09.0486 6028 klmouflt - ok 17:30:09.0506 6028 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 17:30:09.0506 6028 KSecDD - ok 17:30:09.0546 6028 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 17:30:09.0546 6028 KSecPkg - ok 17:30:09.0566 6028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 17:30:09.0576 6028 ksthunk - ok 17:30:09.0606 6028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 17:30:09.0616 6028 lltdio - ok 17:30:09.0656 6028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 17:30:09.0656 6028 LSI_FC - ok 17:30:09.0676 6028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 17:30:09.0676 6028 LSI_SAS - ok 17:30:09.0696 6028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:30:09.0706 6028 LSI_SAS2 - ok 17:30:09.0726 6028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:30:09.0726 6028 LSI_SCSI - ok 17:30:09.0756 6028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 17:30:09.0756 6028 luafv - ok 17:30:09.0806 6028 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 17:30:09.0806 6028 MBAMProtector - ok 17:30:09.0866 6028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 17:30:09.0876 6028 megasas - ok 17:30:09.0896 6028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 17:30:09.0916 6028 MegaSR - ok 17:30:09.0956 6028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 17:30:09.0956 6028 Modem - ok 17:30:09.0986 6028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 17:30:09.0986 6028 monitor - ok 17:30:10.0006 6028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 17:30:10.0016 6028 mouclass - ok 17:30:10.0026 6028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 17:30:10.0026 6028 mouhid - ok 17:30:10.0066 6028 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 17:30:10.0066 6028 mountmgr - ok 17:30:10.0106 6028 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 17:30:10.0106 6028 mpio - ok 17:30:10.0146 6028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 17:30:10.0146 6028 mpsdrv - ok 17:30:10.0186 6028 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 17:30:10.0186 6028 MRxDAV - ok 17:30:10.0226 6028 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:30:10.0226 6028 mrxsmb - ok 17:30:10.0266 6028 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:30:10.0276 6028 mrxsmb10 - ok 17:30:10.0296 6028 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:30:10.0296 6028 mrxsmb20 - ok 17:30:10.0326 6028 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 17:30:10.0326 6028 msahci - ok 17:30:10.0346 6028 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 17:30:10.0346 6028 msdsm - ok 17:30:10.0376 6028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 17:30:10.0376 6028 Msfs - ok 17:30:10.0396 6028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 17:30:10.0396 6028 mshidkmdf - ok 17:30:10.0416 6028 MSICDSetup - ok 17:30:10.0446 6028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 17:30:10.0446 6028 msisadrv - ok 17:30:10.0476 6028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 17:30:10.0476 6028 MSKSSRV - ok 17:30:10.0496 6028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 17:30:10.0496 6028 MSPCLOCK - ok 17:30:10.0516 6028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 17:30:10.0516 6028 MSPQM - ok 17:30:10.0556 6028 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 17:30:10.0566 6028 MsRPC - ok 17:30:10.0586 6028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 17:30:10.0586 6028 mssmbios - ok 17:30:10.0616 6028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 17:30:10.0616 6028 MSTEE - ok 17:30:10.0636 6028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 17:30:10.0636 6028 MTConfig - ok 17:30:10.0686 6028 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys 17:30:10.0696 6028 MTsensor - ok 17:30:10.0716 6028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 17:30:10.0716 6028 Mup - ok 17:30:10.0766 6028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 17:30:10.0766 6028 NativeWifiP - ok 17:30:10.0826 6028 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 17:30:10.0846 6028 NDIS - ok 17:30:10.0856 6028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 17:30:10.0866 6028 NdisCap - ok 17:30:10.0886 6028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 17:30:10.0886 6028 NdisTapi - ok 17:30:10.0916 6028 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 17:30:10.0916 6028 Ndisuio - ok 17:30:10.0956 6028 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 17:30:10.0956 6028 NdisWan - ok 17:30:11.0016 6028 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 17:30:11.0016 6028 NDProxy - ok 17:30:11.0066 6028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 17:30:11.0066 6028 NetBIOS - ok 17:30:11.0106 6028 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 17:30:11.0106 6028 NetBT - ok 17:30:11.0156 6028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 17:30:11.0156 6028 nfrd960 - ok 17:30:11.0206 6028 nmwcdcx64 (2c761cc067acf0fb4ea13930b09bfeea) C:\Windows\system32\drivers\ccdcmbox64.sys 17:30:11.0206 6028 nmwcdcx64 - ok 17:30:11.0226 6028 nmwcdx64 (63051819d5cac0fa49c425fc5e1a2b5c) C:\Windows\system32\drivers\ccdcmbx64.sys 17:30:11.0226 6028 nmwcdx64 - ok 17:30:11.0246 6028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 17:30:11.0246 6028 Npfs - ok 17:30:11.0266 6028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 17:30:11.0266 6028 nsiproxy - ok 17:30:11.0326 6028 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 17:30:11.0346 6028 Ntfs - ok 17:30:11.0366 6028 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 17:30:11.0366 6028 Null - ok 17:30:11.0406 6028 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys 17:30:11.0426 6028 NVHDA - ok 17:30:11.0636 6028 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:30:11.0686 6028 nvlddmkm - ok 17:30:11.0726 6028 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 17:30:11.0736 6028 nvraid - ok 17:30:11.0776 6028 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 17:30:11.0786 6028 nvstor - ok 17:30:11.0856 6028 NvStUSB (66fbdb104695db602d5e7565e91db35d) C:\Windows\system32\DRIVERS\nvstusb.sys 17:30:11.0856 6028 NvStUSB - ok 17:30:11.0926 6028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 17:30:11.0926 6028 nv_agp - ok 17:30:11.0946 6028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 17:30:11.0956 6028 ohci1394 - ok 17:30:11.0986 6028 ossrv (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys 17:30:11.0986 6028 ossrv - ok 17:30:12.0026 6028 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 17:30:12.0036 6028 Parport - ok 17:30:12.0066 6028 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 17:30:12.0076 6028 partmgr - ok 17:30:12.0136 6028 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 17:30:12.0146 6028 pccsmcfd - ok 17:30:12.0156 6028 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 17:30:12.0166 6028 pci - ok 17:30:12.0196 6028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 17:30:12.0196 6028 pciide - ok 17:30:12.0216 6028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 17:30:12.0216 6028 pcmcia - ok 17:30:12.0276 6028 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys 17:30:12.0296 6028 pcouffin - ok 17:30:12.0316 6028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 17:30:12.0316 6028 pcw - ok 17:30:12.0346 6028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 17:30:12.0356 6028 PEAUTH - ok 17:30:12.0476 6028 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 17:30:12.0486 6028 PptpMiniport - ok 17:30:12.0506 6028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 17:30:12.0506 6028 Processor - ok 17:30:12.0576 6028 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 17:30:12.0576 6028 Psched - ok 17:30:12.0656 6028 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys 17:30:12.0656 6028 PxHlpa64 - ok 17:30:12.0716 6028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 17:30:12.0736 6028 ql2300 - ok 17:30:12.0766 6028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 17:30:12.0766 6028 ql40xx - ok 17:30:12.0796 6028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 17:30:12.0796 6028 QWAVEdrv - ok 17:30:12.0816 6028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 17:30:12.0816 6028 RasAcd - ok 17:30:12.0846 6028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 17:30:12.0846 6028 RasAgileVpn - ok 17:30:12.0886 6028 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:30:12.0886 6028 Rasl2tp - ok 17:30:12.0916 6028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 17:30:12.0916 6028 RasPppoe - ok 17:30:12.0936 6028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 17:30:12.0936 6028 RasSstp - ok 17:30:12.0986 6028 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 17:30:12.0996 6028 rdbss - ok 17:30:13.0016 6028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 17:30:13.0016 6028 rdpbus - ok 17:30:13.0036 6028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:30:13.0046 6028 RDPCDD - ok 17:30:13.0066 6028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 17:30:13.0066 6028 RDPENCDD - ok 17:30:13.0086 6028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 17:30:13.0096 6028 RDPREFMP - ok 17:30:13.0116 6028 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 17:30:13.0126 6028 RDPWD - ok 17:30:13.0166 6028 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 17:30:13.0176 6028 rdyboost - ok 17:30:13.0236 6028 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys 17:30:13.0246 6028 RimUsb - ok 17:30:13.0286 6028 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 17:30:13.0296 6028 RimVSerPort - ok 17:30:13.0336 6028 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys 17:30:13.0336 6028 ROOTMODEM - ok 17:30:13.0376 6028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 17:30:13.0376 6028 rspndr - ok 17:30:13.0436 6028 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 17:30:13.0436 6028 RTL8167 - ok 17:30:13.0476 6028 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 17:30:13.0486 6028 sbp2port - ok 17:30:13.0526 6028 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 17:30:13.0526 6028 scfilter - ok 17:30:13.0556 6028 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 17:30:13.0556 6028 secdrv - ok 17:30:13.0586 6028 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 17:30:13.0586 6028 Serenum - ok 17:30:13.0606 6028 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 17:30:13.0616 6028 Serial - ok 17:30:13.0636 6028 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 17:30:13.0646 6028 sermouse - ok 17:30:13.0696 6028 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 17:30:13.0696 6028 sffdisk - ok 17:30:13.0706 6028 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 17:30:13.0716 6028 sffp_mmc - ok 17:30:13.0736 6028 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 17:30:13.0736 6028 sffp_sd - ok 17:30:13.0756 6028 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 17:30:13.0766 6028 sfloppy - ok 17:30:13.0786 6028 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:30:13.0786 6028 SiSRaid2 - ok 17:30:13.0806 6028 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 17:30:13.0816 6028 SiSRaid4 - ok 17:30:13.0836 6028 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 17:30:13.0846 6028 Smb - ok 17:30:13.0896 6028 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 17:30:13.0896 6028 spldr - ok 17:30:13.0956 6028 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 17:30:13.0966 6028 srv - ok 17:30:13.0986 6028 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 17:30:13.0996 6028 srv2 - ok 17:30:14.0016 6028 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 17:30:14.0016 6028 srvnet - ok 17:30:14.0066 6028 ssadbus (c1212ba5ab6783191899d194672a5b5c) C:\Windows\system32\DRIVERS\ssadbus.sys 17:30:14.0066 6028 ssadbus - ok 17:30:14.0096 6028 ssadmdfl (eb270596d4117c4306442f36ef2c290e) C:\Windows\system32\DRIVERS\ssadmdfl.sys 17:30:14.0096 6028 ssadmdfl - ok 17:30:14.0116 6028 ssadmdm (e29027dfaec246299d1cf88627c5cbe6) C:\Windows\system32\DRIVERS\ssadmdm.sys 17:30:14.0116 6028 ssadmdm - ok 17:30:14.0206 6028 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 17:30:14.0216 6028 stexstor - ok 17:30:14.0246 6028 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 17:30:14.0246 6028 swenum - ok 17:30:14.0336 6028 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys 17:30:14.0356 6028 Tcpip - ok 17:30:14.0386 6028 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys 17:30:14.0396 6028 TCPIP6 - ok 17:30:14.0436 6028 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 17:30:14.0436 6028 tcpipreg - ok 17:30:14.0466 6028 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 17:30:14.0466 6028 TDPIPE - ok 17:30:14.0476 6028 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 17:30:14.0476 6028 TDTCP - ok 17:30:14.0517 6028 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 17:30:14.0517 6028 tdx - ok 17:30:14.0537 6028 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 17:30:14.0537 6028 TermDD - ok 17:30:14.0557 6028 TfFsMon - ok 17:30:14.0577 6028 TfNetMon - ok 17:30:14.0617 6028 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys 17:30:14.0617 6028 TFsExDisk - ok 17:30:14.0647 6028 TFSysMon - ok 17:30:14.0697 6028 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:30:14.0697 6028 tssecsrv - ok 17:30:14.0747 6028 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 17:30:14.0747 6028 TsUsbFlt - ok 17:30:14.0787 6028 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 17:30:14.0787 6028 tunnel - ok 17:30:14.0807 6028 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 17:30:14.0807 6028 uagp35 - ok 17:30:14.0857 6028 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 17:30:14.0857 6028 udfs - ok 17:30:14.0897 6028 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 17:30:14.0897 6028 uliagpkx - ok 17:30:14.0937 6028 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 17:30:14.0937 6028 umbus - ok 17:30:14.0967 6028 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 17:30:14.0977 6028 UmPass - ok 17:30:15.0017 6028 upperdev (bcd611d240604ceee7f90805361fab50) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 17:30:15.0027 6028 upperdev - ok 17:30:15.0047 6028 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 17:30:15.0057 6028 usbaudio - ok 17:30:15.0087 6028 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 17:30:15.0097 6028 usbccgp - ok 17:30:15.0117 6028 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 17:30:15.0117 6028 usbcir - ok 17:30:15.0147 6028 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 17:30:15.0157 6028 usbehci - ok 17:30:15.0187 6028 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 17:30:15.0197 6028 usbhub - ok 17:30:15.0237 6028 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 17:30:15.0247 6028 usbohci - ok 17:30:15.0277 6028 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 17:30:15.0277 6028 usbprint - ok 17:30:15.0327 6028 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 17:30:15.0337 6028 usbscan - ok 17:30:15.0377 6028 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys 17:30:15.0377 6028 usbser - ok 17:30:15.0397 6028 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:30:15.0407 6028 USBSTOR - ok 17:30:15.0427 6028 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 17:30:15.0427 6028 usbuhci - ok 17:30:15.0477 6028 VaneFltr (18436f7006443fb76145b3d35162a810) C:\Windows\system32\drivers\Lachesis.sys 17:30:15.0487 6028 VaneFltr - ok 17:30:15.0527 6028 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 17:30:15.0527 6028 vdrvroot - ok 17:30:15.0557 6028 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 17:30:15.0557 6028 vga - ok 17:30:15.0577 6028 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 17:30:15.0577 6028 VgaSave - ok 17:30:15.0597 6028 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 17:30:15.0607 6028 vhdmp - ok 17:30:15.0617 6028 VIAHdAudAddService - ok 17:30:15.0637 6028 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 17:30:15.0647 6028 viaide - ok 17:30:15.0667 6028 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 17:30:15.0677 6028 volmgr - ok 17:30:15.0707 6028 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 17:30:15.0717 6028 volmgrx - ok 17:30:15.0737 6028 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 17:30:15.0737 6028 volsnap - ok 17:30:15.0777 6028 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 17:30:15.0777 6028 vsmraid - ok 17:30:15.0807 6028 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 17:30:15.0817 6028 vwifibus - ok 17:30:15.0857 6028 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 17:30:15.0867 6028 WacomPen - ok 17:30:15.0887 6028 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 17:30:15.0887 6028 WANARP - ok 17:30:15.0887 6028 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 17:30:15.0887 6028 Wanarpv6 - ok 17:30:15.0917 6028 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 17:30:15.0917 6028 Wd - ok 17:30:15.0937 6028 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 17:30:15.0947 6028 Wdf01000 - ok 17:30:15.0977 6028 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 17:30:15.0977 6028 WfpLwf - ok 17:30:16.0007 6028 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 17:30:16.0017 6028 WIMMount - ok 17:30:16.0087 6028 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 17:30:16.0087 6028 WinUsb - ok 17:30:16.0167 6028 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys 17:30:16.0177 6028 WmBEnum - ok 17:30:16.0217 6028 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys 17:30:16.0217 6028 WmFilter - ok 17:30:16.0267 6028 WmHidLo (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys 17:30:16.0267 6028 WmHidLo - ok 17:30:16.0297 6028 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 17:30:16.0297 6028 WmiAcpi - ok 17:30:16.0347 6028 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys 17:30:16.0347 6028 WmVirHid - ok 17:30:16.0377 6028 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys 17:30:16.0387 6028 WmXlCore - ok 17:30:16.0417 6028 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 17:30:16.0427 6028 ws2ifsl - ok 17:30:16.0477 6028 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 17:30:16.0477 6028 WudfPf - ok 17:30:16.0507 6028 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:30:16.0517 6028 WUDFRd - ok 17:30:16.0567 6028 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 17:30:16.0577 6028 xusb21 - ok 17:30:16.0607 6028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 17:30:16.0627 6028 \Device\Harddisk0\DR0 - ok 17:30:16.0627 6028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 17:30:16.0637 6028 \Device\Harddisk1\DR1 - ok 17:30:16.0637 6028 Boot (0x1200) (0450ab9e957e333b8555378bf61f0797) \Device\Harddisk0\DR0\Partition0 17:30:16.0637 6028 \Device\Harddisk0\DR0\Partition0 - ok 17:30:16.0657 6028 Boot (0x1200) (cde8fd5dbb13320c4faf5a0abd502d07) \Device\Harddisk0\DR0\Partition1 17:30:16.0657 6028 \Device\Harddisk0\DR0\Partition1 - ok 17:30:16.0667 6028 Boot (0x1200) (28c96f58db4f12cc5b1b1f524c8341d9) \Device\Harddisk0\DR0\Partition2 17:30:16.0677 6028 \Device\Harddisk0\DR0\Partition2 - ok 17:30:16.0687 6028 Boot (0x1200) (8c9a845e44d0fd7b8e6cc5eaa16d9938) \Device\Harddisk1\DR1\Partition0 17:30:16.0687 6028 \Device\Harddisk1\DR1\Partition0 - ok 17:30:16.0697 6028 ============================================================ 17:30:16.0697 6028 Scan finished 17:30:16.0697 6028 ============================================================ 17:30:16.0707 1588 Detected object count: 0 17:30:16.0707 1588 Actual detected object count: 0 Gruß Meik |
|
18.10.2011, 16:42
| #11 |
| /// Malware-holic | Google leitet mich auf falsche Seiten um merkwürdig. ok ich benötige noch mal ein frisches otl log.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.10.2011, 19:05
| #12 |
| | Google leitet mich auf falsche Seiten um Hier nochmal eine "frische" Datei von OTL, auch in diesem Fall wirft er nur die eine Datei aus: OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.10.2011 19:38:11 - Run 4 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Meik Shepard\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,03% Memory free 15,99 Gb Paging File | 14,28 Gb Available in Paging File | 89,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 863,00 Gb Total Space | 607,62 Gb Free Space | 70,41% Space Free | Partition Type: NTFS Drive D: | 999,92 Gb Total Space | 731,76 Gb Free Space | 73,18% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 880,53 Gb Free Space | 94,53% Space Free | Partition Type: NTFS Computer Name: MEIKSHEPARD-PC | User Name: Meik Shepard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Users\Meik Shepard\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Razer\Lachesis\razerhid.exe () PRC - C:\Razer\Lachesis\razertra.exe () PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Nero 9\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.) PRC - C:\Razer\Lachesis\OSD.exe (razercfg MFC Application) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Razer\Lachesis\razerofa.exe (Razer Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Meik Shepard\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (lmab_device) -- C:\Windows\SysNative\LMabcoms.exe ( ) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AVP) -- C:\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (lmab_device) -- C:\Windows\SysWow64\LMabcoms.exe ( ) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (PLFlash DeviceIoControl Service) -- C:\Nero 9\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (ip100Avista) -- C:\Windows\SysNative\drivers\ipfnd51.sys (IC Plus Corp. ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webcountdown.de/?a=unyRQMR&k=xjJd IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 0A B0 73 8B 7A CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.374 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.441 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:12.0.0.441 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Meik Shepard\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Meik Shepard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.12.22 16:44:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.10.07 07:34:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011.10.07 07:34:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011.10.07 07:34:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Mozilla Firefox\components [2011.09.14 08:13:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011.09.14 08:13:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Mozilla Firefox\components [2011.09.14 08:13:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011.09.14 08:13:36 | 000,000,000 | ---D | M] [2010.11.02 16:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meik Shepard\AppData\Roaming\mozilla\Extensions [2010.11.03 19:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meik Shepard\AppData\Roaming\mozilla\Firefox\Profiles\vzjx8mj7.default\extensions [2011.10.07 07:34:44 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\KASPERSKY INTERNET SECURITY 2012\FFEXT\KAVANTIBANNER@KASPERSKY.RU [2011.10.07 07:34:44 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\KASPERSKY INTERNET SECURITY 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU [2011.06.13 12:24:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.05.18 18:09:12 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.05.20 07:45:20 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.24 09:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.09.28 18:21:57 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU [2010.12.22 16:44:14 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC O1 HOSTS File: ([2011.10.17 17:00:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [AVP] C:\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Lachesis] C:\Razer\Lachesis\razerhid.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: add to &BOM - C:\\BIET-O~1\\\\AddToBOM.hta () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: add to &BOM - C:\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package) O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2444B140-7EE5-4811-2C8B-D5BBBFA19084} - Offline Browsing Pack ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {AEB4D6F1-4AC8-7159-8CD0-FDB36C013EAF} - Internet Explorer ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk - C:\BlackBerry\DesktopMgr.exe - (Research In Motion Limited) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk - C:\WISO\Sparbuch 2010\meinsparbuchheute.exe - () MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= - C:\CloneCD\CloneCDTray.exe (SlySoft, Inc.) MsConfig:64bit - StartUpReg: Corel File Shell Monitor - hkey= - key= - C:\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe () MsConfig:64bit - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.) MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) MsConfig:64bit - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe () MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Nero 9\Nero BackItUp 4\NBKeyScan.exe (Nero AG) MsConfig:64bit - StartUpReg: PC Suite Tray - hkey= - key= - C:\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.10.17 20:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic [2011.10.17 17:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.10.17 17:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.10.17 17:08:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.10.17 16:58:55 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.10.17 16:53:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.10.17 16:53:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.10.17 16:53:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.10.17 16:53:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.10.17 16:53:20 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.10.17 16:52:49 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.10.12 18:22:00 | 000,000,000 | ---D | C] -- C:\Users\Meik Shepard\Desktop\bootbios [2011.10.12 17:54:08 | 000,000,000 | ---D | C] -- C:\Users\Meik Shepard\Desktop\LAN Treiber [2011.10.12 17:49:12 | 000,000,000 | ---D | C] -- C:\Users\Meik Shepard\Desktop\Chipset Update [2011.10.12 17:47:55 | 000,000,000 | ---D | C] -- C:\Users\Meik Shepard\Desktop\BIOS Update [2011.10.11 20:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2011.10.11 20:49:08 | 000,000,000 | ---D | C] -- C:\WinSCP [2011.10.10 12:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Synetic [2011.10.10 12:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobra 11 - Burning Wheels [2011.10.09 17:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt [2011.09.28 18:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 [2011.09.28 18:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.09.28 18:20:58 | 000,000,000 | ---D | C] -- C:\Kaspersky Internet Security 2012 [2011.09.28 18:20:49 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2011.09.28 18:14:18 | 145,454,840 | ---- | C] (Kaspersky Lab) -- C:\Users\Meik Shepard\Desktop\kis12.0.0.374de.exe [2011.09.25 14:50:43 | 000,000,000 | ---D | C] -- C:\Windows\de [2011.09.25 14:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2011.09.25 14:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2011.09.25 14:46:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.09.25 14:43:38 | 000,000,000 | ---D | C] -- C:\Users\Meik Shepard\AppData\Local\Windows Live [2011.09.25 14:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2010.11.02 20:24:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Meik Shepard\AppData\Roaming\pcouffin.sys [2010.11.02 16:02:19 | 001,044,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabserv.dll [2010.11.02 16:02:19 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomc.dll [2010.11.02 16:02:19 | 000,593,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcoms.exe [2010.11.02 16:02:19 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomm.dll [2010.11.02 16:02:19 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabhcp.dll [2010.07.07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2010.07.07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.10.18 19:26:42 | 000,443,861 | ---- | M] () -- C:\Users\Meik Shepard\Desktop\Einladung.pdf [2011.10.18 18:45:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.10.18 18:45:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.10.18 16:41:22 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.18 16:41:22 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.18 16:34:17 | 000,000,443 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2011.10.18 16:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.18 16:33:25 | 2145,947,647 | -HS- | M] () -- C:\hiberfil.sys [2011.10.18 08:28:06 | 000,061,852 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.18 08:28:06 | 000,061,852 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.18 08:28:06 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.17 20:43:47 | 000,000,746 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk [2011.10.17 20:40:56 | 015,162,376 | ---- | M] () -- C:\Users\Meik Shepard\Desktop\TOR_setup.exe [2011.10.17 17:00:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.10.17 11:31:17 | 000,000,000 | ---- | M] () -- C:\Users\Meik Shepard\defogger_reenable [2011.10.14 15:01:40 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.10.12 18:05:29 | 001,527,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.10.12 18:05:29 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.10.12 18:05:29 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.10.12 18:05:29 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.10.12 18:05:29 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.12 14:56:07 | 000,062,280 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.12 14:56:07 | 000,062,280 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.12 14:56:07 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.12 12:49:36 | 000,334,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.12 09:31:32 | 000,000,600 | ---- | M] () -- C:\Users\Meik Shepard\AppData\Roaming\winscp.rnd [2011.10.12 09:30:22 | 000,000,600 | ---- | M] () -- C:\Users\Meik Shepard\AppData\Local\PUTTY.RND [2011.10.10 12:53:06 | 000,000,650 | ---- | M] () -- C:\Users\Public\Desktop\Cobra 11 - Burning Wheels spielen.lnk [2011.10.04 07:28:00 | 500,911,535 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.09.28 18:37:46 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2011.09.28 18:37:45 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2011.09.28 18:21:37 | 001,793,984 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2011.09.28 18:20:49 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2011.09.28 18:18:16 | 145,454,840 | ---- | M] (Kaspersky Lab) -- C:\Users\Meik Shepard\Desktop\kis12.0.0.374de.exe [2011.09.25 14:49:17 | 000,000,020 | ---- | M] () -- C:\Windows\œ÷i [2011.09.23 16:23:10 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2011.09.23 16:23:09 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.18 19:26:42 | 000,443,861 | ---- | C] () -- C:\Users\Meik Shepard\Desktop\Einladung.pdf [2011.10.17 20:43:47 | 000,000,746 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk [2011.10.17 20:22:46 | 015,162,376 | ---- | C] () -- C:\Users\Meik Shepard\Desktop\TOR_setup.exe [2011.10.17 16:53:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.10.17 16:53:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.10.17 16:53:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.10.17 16:53:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.10.17 16:53:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.10.17 11:31:17 | 000,000,000 | ---- | C] () -- C:\Users\Meik Shepard\defogger_reenable [2011.10.12 15:21:16 | 000,061,852 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.12 15:21:16 | 000,061,852 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.12 15:21:16 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx [2011.10.11 20:59:22 | 000,000,600 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Local\PUTTY.RND [2011.10.11 20:49:14 | 000,000,600 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Roaming\winscp.rnd [2011.10.10 12:53:06 | 000,000,650 | ---- | C] () -- C:\Users\Public\Desktop\Cobra 11 - Burning Wheels spielen.lnk [2011.10.04 07:28:00 | 500,911,535 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.09.28 18:22:02 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2011.09.28 18:22:02 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2011.09.25 14:49:54 | 000,001,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2011.09.25 14:49:33 | 000,001,382 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2011.09.25 14:49:17 | 000,000,020 | ---- | C] () -- C:\Windows\œ÷i [2011.08.17 11:25:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0852.old [2011.08.14 16:19:10 | 000,017,408 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Local\WebpageIcons.db [2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.07.15 08:13:25 | 000,064,000 | RHS- | C] () -- C:\Windows\SysWow64\d3dx9_309.dll [2011.06.10 08:57:29 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.30 16:19:57 | 000,000,622 | ---- | C] () -- C:\Windows\wiso.ini [2011.03.14 09:06:44 | 000,016,384 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.26 17:31:16 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.02.26 17:31:16 | 000,000,088 | RHS- | C] () -- C:\ProgramData\AE6F64A075.sys [2011.02.25 18:21:17 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll [2011.02.25 18:21:17 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll [2011.01.04 17:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.01.04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.01.04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.01.04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.11.26 21:29:49 | 000,000,130 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Roaming\default.rss [2010.11.04 21:18:42 | 000,000,100 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Local\fusioncache.dat [2010.11.04 21:18:08 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.02 21:37:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.02 20:24:09 | 000,007,859 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Roaming\pcouffin.cat [2010.11.02 20:24:09 | 000,001,167 | ---- | C] () -- C:\Users\Meik Shepard\AppData\Roaming\pcouffin.inf [2010.11.02 20:18:25 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2010.11.02 19:46:42 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.02 15:34:39 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.11.02 15:34:39 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.11.02 15:08:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.11.02 14:31:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.11.02 14:31:25 | 000,029,596 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.07.07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2010.07.07 14:23:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2010.07.07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2010.07.07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2010.07.07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2010.07.07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.07.01 03:12:32 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011.01.06 12:21:51 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Blackberry Desktop [2011.03.30 16:20:31 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Buhl Data Service [2011.06.10 08:57:40 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\CAD-KAS [2010.11.18 09:45:50 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\elsterformular [2011.07.29 16:55:22 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\ESET [2011.07.27 11:26:54 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\go [2011.01.14 11:49:34 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\IrfanView [2011.07.01 08:23:32 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\LPECommon [2011.05.03 14:40:01 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\NewSoft [2010.12.22 16:49:37 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Nokia [2011.06.06 14:05:42 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Opera [2010.12.22 16:46:37 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\PC Suite [2010.11.02 15:26:30 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Razer [2011.01.06 12:11:35 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Research In Motion [2011.03.23 16:05:25 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\RIFT [2011.03.11 18:41:35 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Samsung [2011.09.18 20:01:21 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Tropico 3 [2011.09.14 18:53:51 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Tropico3 [2010.11.27 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\Meik Shepard\AppData\Roaming\Vso [2011.09.28 18:21:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.10.17 17:08:57 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.01.28 08:31:41 | 000,000,000 | ---D | M] -- C:\AOL 9.0 VR [2010.11.26 09:46:01 | 000,000,000 | ---D | M] -- C:\AVSMediaPlayer [2011.10.18 19:34:45 | 000,000,000 | ---D | M] -- C:\Biet-O-Matic [2011.01.06 12:50:59 | 000,000,000 | ---D | M] -- C:\BlackBerry [2011.08.11 13:05:48 | 000,000,000 | ---D | M] -- C:\Canon [2010.11.02 20:19:26 | 000,000,000 | ---D | M] -- C:\Carrera [2011.10.14 15:26:44 | 000,000,000 | ---D | M] -- C:\CloneCD [2010.11.02 20:03:49 | 000,000,000 | ---D | M] -- C:\CloneDVD2 [2011.10.17 17:06:19 | 000,000,000 | ---D | M] -- C:\ComboFix [2011.08.17 10:13:56 | 000,000,000 | ---D | M] -- C:\Comodo Downloader [2011.08.18 09:15:41 | 000,000,000 | ---D | M] -- C:\COMODO Internet Security [2011.02.26 17:30:48 | 000,000,000 | ---D | M] -- C:\Corel Paint Shop Pro Photo X2 [2011.02.26 17:28:53 | 000,000,000 | ---D | M] -- C:\Corel Paint Shop Pro Photo X2 - Installation Files [2010.11.02 17:05:37 | 000,000,000 | ---D | M] -- C:\Creative [2010.11.29 21:34:56 | 000,000,000 | ---D | M] -- C:\Das Böse unter der Sonne [2011.08.16 19:43:22 | 000,000,000 | ---D | M] -- C:\Digicam [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.11.02 14:27:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.02.24 19:43:40 | 000,000,000 | ---D | M] -- C:\Downloads [2011.09.10 13:22:12 | 000,000,000 | ---D | M] -- C:\DVD Shrink DE [2011.10.09 17:51:54 | 000,000,000 | ---D | M] -- C:\DVDFab 8 [2010.11.18 09:45:42 | 000,000,000 | ---D | M] -- C:\ElsterFormular [2010.11.02 20:29:37 | 000,000,000 | ---D | M] -- C:\EVEREST Ultimate Edition [2011.02.26 18:05:25 | 000,000,000 | ---D | M] -- C:\FBBM [2010.11.27 12:10:59 | 000,000,000 | ---D | M] -- C:\Free DVD Video Converter [2010.11.02 14:32:16 | 000,000,000 | ---D | M] -- C:\Intel [2011.01.14 11:49:34 | 000,000,000 | ---D | M] -- C:\IrfanView [2010.11.02 16:30:08 | 000,000,000 | ---D | M] -- C:\jv16 PowerTools 2009 [2010.11.02 17:08:12 | 000,000,000 | ---D | M] -- C:\jv16 PowerTools 2010 [2011.10.07 17:53:03 | 000,000,000 | ---D | M] -- C:\Kaspersky Internet Security 2012 [2011.02.25 18:05:57 | 000,000,000 | ---D | M] -- C:\lexmark [2011.08.23 18:47:04 | 000,000,000 | ---D | M] -- C:\Lustiges [2010.11.02 15:08:03 | 000,000,000 | ---D | M] -- C:\Microsoft Office [2011.10.15 11:37:49 | 000,000,000 | ---D | M] -- C:\Mozilla Firefox [2010.11.02 21:14:03 | 000,000,000 | ---D | M] -- C:\Nero 9 [2010.12.22 16:44:14 | 000,000,000 | ---D | M] -- C:\Nokia [2010.11.02 14:48:48 | 000,000,000 | ---D | M] -- C:\NVIDIA [2010.11.11 09:14:01 | 000,000,000 | ---D | M] -- C:\NVIDIA Corporation [2011.06.10 10:30:08 | 000,000,000 | ---D | M] -- C:\PDF Editor 3 [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.08.30 20:58:24 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.17 17:44:36 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.10.10 12:53:07 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.11.02 14:27:18 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.17 17:06:18 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.11.02 14:35:45 | 000,000,000 | ---D | M] -- C:\RaidTool [2010.11.02 15:23:42 | 000,000,000 | ---D | M] -- C:\Razer [2010.11.02 14:27:19 | 000,000,000 | ---D | M] -- C:\Recovery [2011.08.18 09:19:33 | 000,000,000 | ---D | M] -- C:\Security Task Manager [2010.11.02 19:46:09 | 000,000,000 | ---D | M] -- C:\SlySoft [2011.08.15 07:41:15 | 000,000,000 | ---D | M] -- C:\Spybot - Search & Destroy [2011.09.29 07:15:21 | 000,000,000 | ---D | M] -- C:\Spyware Doctor [2011.07.04 10:35:27 | 000,000,000 | ---D | M] -- C:\SWGEmu [2011.10.18 19:39:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.08.26 17:22:08 | 000,000,000 | ---D | M] -- C:\temp [2011.09.12 08:26:29 | 000,000,000 | R--D | M] -- C:\Users [2010.11.26 21:46:21 | 000,000,000 | ---D | M] -- C:\VSO [2011.10.18 16:33:22 | 000,000,000 | ---D | M] -- C:\Windows [2011.10.11 20:49:09 | 000,000,000 | ---D | M] -- C:\WinSCP [2011.03.30 16:13:26 | 000,000,000 | ---D | M] -- C:\WISO [2011.07.28 16:51:13 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > Gruß Meik |
|
| Themen zu Google leitet mich auf falsche Seiten um |
| adobe, bho, bonjour, excel, explorer, google, hijack, hijackthis, home, internet, internet explorer, internet security 2012, kaspersky, leitet, logfile, monitor, nvidia, nvidia update, plug-in, programm, security, seiten, software, suche, tastatur, windows, wmp |
Linear-Darstellung
