| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: System 32 FehlermeldungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.10.2011, 18:20
| #1 |
 |  System 32 Fehlermeldung Hallo leute ich hab seit ein paar Wochen ein Problem und weiß nicht wie ichs wieder loswerd. Mein PC stürzte ab und als ich ihn wieder hochgefahren hab, kamen ungefähr 10 Fehlermeldungen nacheinander, eigentlich alle bezogen sich auf den dateipfad C:Benutzer/Windows/System32/oledlg.dll und sagten mir das irgendwelche Programme oder Autostarts nicht für die Benutzung unter Windows gedacht sind und nicht starten können. Dazu kommt dass ich weder Programme startn noch installiernen kann und der einizge Browser der funktioniert ist der Internet Explorer, ich kann auch nichts als Administrator ausführen da eine Fehlermeldung erscheint die besagt dass die "Shellexecuted exe nicht ausführbar sei. Somit ist der PC recht unbrauchbar da eigentlich nichts ausder der IE funktioniert. Habe schon system recovery und reperatur mit einer WindowsDVD versucht und auch etliche virenprogramme haben nichts gefunden. Hoffe ihr könnt mir helfen und schon mal danke im Vorraus. |
|
21.10.2011, 13:43
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | System 32 Fehlermeldung CustomScan mit OTL
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
22.10.2011, 12:46
| #3 |
| | System 32 Fehlermeldung Danke für die schnelle Antwort jedoch kann ich den Scanner nicht starten da nur eine Fehlermeldung mit "C:/Users/.../Desktop/OTL.exe Dateisystemfehler (-1073741792)" erscheint, außerdem eine Microsoft Windows Meldung "Zustimmungsbenutzeroberfläche für Verwaltungsanwendungen wurde beendet und geschlossen. Die Anwendung wird aufgrund eines Problems nicht mehr reichtig ausgeführt. Sie erhalten Nachricht wenn eine Lösung verfügbar ist." Die angebliche Lösung kommt auch gleich nämlich Windows Updates zu installiern, was allerdings auch nicht funktioniert.
__________________ |
|
22.10.2011, 16:29
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System 32 Fehlermeldung Funktioniert es im abgesicherten Modus? Evtl solltest du dich hierschonmal drauf vorbereiten => Artikel zur Neuinstallation von Windows
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.10.2011, 18:35
| #5 |
| | System 32 Fehlermeldung Ist jetzt vll ne doofe frage aber wie startet man den abgesicherten modus? Ja mit einer Neuinstallation habe ich auch schon gerechnet.. |
|
23.10.2011, 17:59
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System 32 Fehlermeldung
__________________ --> System 32 Fehlermeldung |
|
25.10.2011, 16:31
| #7 |
| | System 32 Fehlermeldung So im abgesichterten modus hats dann funktioniert  hänge den scan dann mal an.Code:
ATTFilter OTL logfile created on: 25.10.2011 17:00:16 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\philipp\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 84,10% Memory free 6,20 Gb Paging File | 5,89 Gb Available in Paging File | 95,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 173,99 Gb Total Space | 36,30 Gb Free Space | 20,86% Space Free | Partition Type: NTFS Drive D: | 45,22 Gb Total Space | 21,54 Gb Free Space | 47,64% Space Free | Partition Type: NTFS Computer Name: PHILIPP | User Name: philipp | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\philipp\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Programme\Lavasoft\Ad-Aware\AWSC.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AntiVirScheduler) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (TeamViewer) -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (KtmRm) -- C:\Windows\System32\msdtckrm.dll () SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.) DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce)) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys () DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://googel.de/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.103 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.5 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.01 23:43:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.28 04:36:34 | 000,000,000 | ---D | M] [2008.09.13 13:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philipp\AppData\Roaming\mozilla\Extensions [2011.09.18 12:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions [2009.09.07 12:53:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.29 15:18:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.01.09 12:42:07 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7} [2011.09.18 12:56:49 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2011.06.04 19:08:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009.06.27 13:01:48 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\battlefieldheroespatcher@ea.com [2010.05.26 13:17:17 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com [2011.09.18 12:56:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com [2011.08.28 04:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp [2010.05.26 13:17:10 | 000,002,059 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\daemon-search.xml [2011.09.19 17:20:18 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-1.xml [2009.12.29 23:04:14 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-2.xml [2010.02.16 00:36:23 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-3.xml [2010.05.17 15:04:50 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-4.xml [2009.09.20 19:02:56 | 000,000,944 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin.xml [2011.08.28 04:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.08.14 18:39:46 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.03 09:59:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.08.25 12:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.09.01 23:43:49 | 000,000,000 | ---- | M] () -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.0\PriceGongIE.dll (PriceGong) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll () O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Vendio Services, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79A80240-1282-48E1-AA54-1A3DB4EF6D58}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A298ED5-674B-4843-934D-2F1FD3ACE865}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Remix_by_K3nzuS.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Remix_by_K3nzuS.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\Shell - "" = AutoRun O33 - MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\Shell - "" = AutoRun O33 - MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\Shell - "" = AutoRun O33 - MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\Shell\AutoRun\command - "" = F:\pushinst.exe O33 - MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\Shell - "" = AutoRun O33 - MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\Shell\AutoRun\command - "" = G:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: GAINWARD - hkey= - key= - C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: VIDC.MKVC - C:\Windows\System32\KMVIDC32.DLL () Drivers32: vidc.VP31 - C:\Windows\System32\vp31vfw.dll (On2.com) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.10.22 13:40:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\philipp\Desktop\OTL.exe [2011.10.09 01:39:24 | 000,000,000 | ---D | C] -- C:\Users\philipp\Desktop\BBou - Guad und Fesch [2011.10.04 22:30:37 | 000,000,000 | ---D | C] -- C:\Users\philipp\Desktop\Vll wichtig [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.10.25 16:59:11 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.10.25 16:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.25 16:57:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.25 16:57:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.24 18:38:33 | 000,000,147 | ---- | M] () -- C:\Users\philipp\Desktop\olepro32.dll free download - DLL-files.com.url [2011.10.23 18:09:46 | 000,628,124 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.10.23 18:09:46 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.10.23 18:09:46 | 000,127,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.10.23 18:09:46 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.10.22 14:16:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011.10.22 14:16:55 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011.10.22 13:40:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\philipp\Desktop\OTL.exe [2011.10.14 22:23:15 | 000,000,131 | ---- | M] () -- C:\Users\philipp\Desktop\Blood by Days - Fire walk with me (Official Music Video) - YouTube.url [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.25 16:59:07 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.10.24 18:38:33 | 000,000,147 | ---- | C] () -- C:\Users\philipp\Desktop\olepro32.dll free download - DLL-files.com.url [2011.10.14 22:23:15 | 000,000,131 | ---- | C] () -- C:\Users\philipp\Desktop\Blood by Days - Fire walk with me (Official Music Video) - YouTube.url [2011.08.30 16:21:37 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.08.30 16:21:37 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.04.27 17:27:04 | 000,000,004 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\steam_md4.dat [2011.04.27 17:14:03 | 000,000,110 | ---- | C] () -- C:\Windows\System32\alterIWnet.ini [2010.05.25 20:21:05 | 000,026,340 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\UserTile.png [2009.07.12 20:01:35 | 000,860,211 | --S- | C] () -- C:\Windows\System32\XSIFtk-3.6.2.1.dll [2009.05.19 19:08:31 | 000,000,041 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\Spin Chat Preferences [2009.02.26 15:06:39 | 000,000,024 | ---- | C] () -- C:\Users\philipp\AppData\Local\.ipc_copyrecord [2009.02.26 15:03:30 | 000,000,024 | ---- | C] () -- C:\Users\philipp\AppData\Local\84756-11986-27475-00TC1-94865 [2009.01.25 16:17:34 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat [2008.11.18 17:54:08 | 000,139,152 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\PnkBstrK.sys [2008.11.18 17:54:08 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.11.18 17:53:53 | 000,189,640 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.11.18 17:53:49 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.11.18 17:53:47 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2008.10.21 12:14:30 | 000,007,718 | ---- | C] () -- C:\Windows\cadx2.ini [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.10.04 14:08:16 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.09.13 13:15:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.06.04 14:14:36 | 000,001,530 | ---- | C] () -- C:\Users\philipp\AppData\Roaming\EasyToolz.ini [2008.05.29 16:12:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\CertEnroll.dll [2008.05.29 16:12:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msdtckrm.dll [2008.05.29 16:11:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\zipfldr.dll [2008.05.29 16:11:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SearchProtocolHost.exe [2008.05.29 16:11:26 | 000,017,408 | ---- | C] () -- C:\Windows\System32\wscisvif.dll [2008.05.29 16:11:19 | 000,192,000 | ---- | C] () -- C:\Windows\System32\wsqmcons.exe [2008.05.29 16:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dssenh.dll [2008.05.29 16:10:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\oledlg.dll [2008.05.29 16:09:50 | 000,076,800 | ---- | C] () -- C:\Windows\System32\SearchFilterHost.exe [2008.05.29 16:09:49 | 000,205,824 | ---- | C] () -- C:\Windows\System32\msoeacct.dll [2008.05.29 16:09:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\xactsrv.dll [2008.05.29 16:09:36 | 000,127,488 | ---- | C] () -- C:\Windows\System32\aclui.dll [2008.05.29 16:09:36 | 000,088,576 | ---- | C] () -- C:\Windows\System32\olepro32.dll [2008.05.29 16:09:23 | 000,009,728 | ---- | C] () -- C:\Windows\System32\wscproxystub.dll [2008.05.29 16:09:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wmpshell.dll [2008.05.29 16:08:57 | 000,020,480 | ---- | C] () -- C:\Windows\System32\RacAgent.exe [2008.05.29 16:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\MsCtfMonitor.dll [2008.05.29 16:08:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\vss_ps.dll [2008.05.29 16:08:55 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.05.29 16:08:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsock32.dll [2008.05.29 16:08:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wiarpc.dll [2008.05.29 16:08:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\HotStartUserAgent.dll [2008.05.23 12:09:16 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL [2008.05.10 16:02:06 | 000,000,000 | ---- | C] () -- C:\Windows\galaxy.ini [2008.02.28 13:12:39 | 000,000,095 | ---- | C] () -- C:\Users\philipp\AppData\Local\fusioncache.dat [2007.12.07 15:39:49 | 000,002,032 | ---- | C] () -- C:\Users\philipp\AppData\Local\d3d9caps.dat [2007.12.04 15:16:29 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2007.12.03 19:25:51 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.12.03 19:25:50 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI [2007.11.26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2007.10.02 17:07:50 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys [2007.10.02 17:07:50 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys [2007.09.19 17:23:49 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.09.06 14:04:40 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2007.09.06 14:04:40 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2007.08.15 19:45:21 | 000,000,343 | ---- | C] () -- C:\Windows\ask.ini [2007.08.11 17:35:57 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2007.07.01 18:21:37 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2007.07.01 18:21:35 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2007.06.28 20:37:37 | 000,038,912 | ---- | C] () -- C:\Users\philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.28 20:22:39 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2007.05.16 09:35:44 | 002,071,552 | ---- | C] () -- C:\Windows\setup_rangers_2.exe [2007.02.14 11:18:27 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll [2006.11.02 17:33:31 | 000,628,124 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,127,032 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,318,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 14:34:41 | 000,198,144 | ---- | C] () -- C:\Windows\System32\sti.dll [2006.11.02 12:33:01 | 000,595,308 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,742 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll ========== LOP Check ========== [2011.08.29 02:49:19 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\.minecraft [2008.06.24 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Acreon [2009.06.06 14:37:59 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Armagetron [2011.09.18 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Babylon [2007.07.21 09:24:27 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\CrystalSpace [2011.08.24 23:36:24 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\DAEMON Tools Lite [2008.07.24 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ [2008.08.24 13:22:23 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ Toolbar [2009.06.06 10:44:03 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Lexware [2010.02.27 00:37:46 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\OpenOffice.org [2010.05.25 20:21:05 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\PeerNetworking [2008.09.02 14:09:04 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\SPORE Creature Creator [2008.11.18 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\TeamViewer [2009.02.26 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Teeworlds [2009.08.05 11:23:08 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ubisoft [2011.05.01 00:57:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Uduc [2011.09.18 13:00:12 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\uTorrent [2011.05.03 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Zegoyt [2011.10.25 16:59:11 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.10.25 16:57:51 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.08.29 02:49:19 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\.minecraft [2008.06.24 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Acreon [2008.09.12 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Adobe [2007.07.05 18:16:08 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ahead [2010.09.08 22:46:45 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Apple Computer [2009.06.06 14:37:59 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Armagetron [2011.09.18 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Babylon [2007.07.21 09:24:27 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\CrystalSpace [2011.08.24 23:36:24 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\DAEMON Tools Lite [2008.03.06 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\DivX [2011.04.27 18:01:45 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Hamachi [2008.07.24 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ [2008.08.24 13:22:23 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ Toolbar [2007.06.28 19:00:45 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Identities [2007.09.21 14:19:01 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\InstallShield [2009.06.06 10:44:03 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Lexware [2007.09.23 11:20:26 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Macromedia [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Media Center Programs [2010.04.12 16:00:17 | 000,000,000 | --SD | M] -- C:\Users\philipp\AppData\Roaming\Microsoft [2011.09.18 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Microsoft Games [2008.09.13 13:07:10 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Mozilla [2008.09.22 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\NCH Software [2010.02.27 00:37:46 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\OpenOffice.org [2010.02.26 13:45:23 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\OpenOffice.org2 [2010.05.25 20:21:05 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\PeerNetworking [2009.09.29 18:58:53 | 000,000,000 | RH-D | M] -- C:\Users\philipp\AppData\Roaming\SecuROM [2008.09.02 14:09:04 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\SPORE Creature Creator [2007.09.26 20:06:29 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Sun [2008.05.28 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\teamspeak2 [2008.11.18 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\TeamViewer [2009.02.26 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Teeworlds [2009.08.05 11:23:08 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Ubisoft [2011.05.01 00:57:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Uduc [2011.09.18 13:00:12 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\uTorrent [2008.11.18 17:09:10 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\WinRAR [2008.03.06 15:33:41 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Yahoo! [2011.05.03 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Zegoyt < %APPDATA%\*.exe /s > [2008.08.30 18:09:12 | 000,272,384 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe [2011.08.18 00:43:39 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\philipp\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2009.06.06 19:28:34 | 000,010,134 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{2CEA7E55-D41E-4D58-91FB-E14F1FD690AE}\ARPPRODUCTICON.exe [2011.07.06 13:28:28 | 000,000,000 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_004EBF16C80993592B6C1D.exe [2011.07.06 13:28:28 | 000,010,134 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_67065D20704EA8E571DEE5.exe [2011.07.06 13:28:28 | 000,070,717 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_853F67D554F05449430E7E.exe [2011.07.06 13:28:28 | 000,070,717 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_B5C0DF6A09AC406A73DBB3.exe [2011.05.07 18:22:57 | 000,010,134 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe [2009.10.07 18:36:30 | 000,010,134 | R--- | M] () -- C:\Users\philipp\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe [2011.05.25 15:17:10 | 000,280,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe.exe [2011.05.25 15:17:10 | 000,035,552 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlus_registrar.exe [2009.06.25 16:36:16 | 001,291,640 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe [2011.05.25 15:17:10 | 000,280,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp\content\getPlusPlus_Adobe.exe [2011.05.25 15:17:10 | 000,035,552 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp\content\getPlus_registrar.exe [2008.02.13 08:07:36 | 000,393,216 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007.02.14 11:50:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2007.02.14 11:50:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2007.02.14 11:50:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.02.14 11:50:51 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2007.02.14 11:50:51 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2007.02.14 11:50:51 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2006.05.11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\drivers\iaStor.sys [2006.05.11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c3369af\iaStor.sys [2006.05.11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0d20ce62\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVATABUS.SYS > [2006.07.14 14:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=7D960340BE5B0E008BB94E4C3B991339 -- C:\Windows\System32\drivers\nvatabus.sys [2006.07.14 14:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=7D960340BE5B0E008BB94E4C3B991339 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_27229839\nvatabus.sys < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.08.12 09:50:44 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2007.08.12 09:50:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: VIAMRAID.SYS > [2006.03.31 02:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\Windows\System32\drivers\viamraid.sys [2006.03.31 02:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_2d6a7e3a\viamraid.sys < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.02.14 11:18:56 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.02.14 11:18:53 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.02.14 11:18:56 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.02.14 11:19:13 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.02.14 11:19:16 | 006,017,024 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > |
|
25.10.2011, 18:08
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System 32 Fehlermeldung Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://googel.de/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
[2011.08.29 15:18:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.01.09 12:42:07 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2011.09.18 12:56:49 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2010.05.26 13:17:17 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com
[2011.09.18 12:56:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com
[2011.08.28 04:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp
[2010.05.26 13:17:10 | 000,002,059 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\daemon-search.xml
[2011.09.19 17:20:18 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-1.xml
[2009.12.29 23:04:14 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-2.xml
[2010.02.16 00:36:23 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-3.xml
[2010.05.17 15:04:50 | 000,000,950 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-4.xml
[2009.09.20 19:02:56 | 000,000,944 | ---- | M] () -- C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin.xml
[2011.08.28 04:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.14 18:39:46 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\Shell - "" = AutoRun
O33 - MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\Shell - "" = AutoRun
O33 - MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\Shell - "" = AutoRun
O33 - MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\Shell - "" = AutoRun
O33 - MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\Shell\AutoRun\command - "" = G:\pushinst.exe
[2011.09.18 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Babylon
[2008.08.24 13:22:23 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\ICQ Toolbar
[2011.05.01 00:57:22 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Uduc
[2011.05.03 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\philipp\AppData\Roaming\Zegoyt
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.10.2011, 20:59
| #9 |
| | System 32 Fehlermeldung So hab im abgesicherten Modus den Fix laufen lassn (das im normalen wegn der Administartor Fehlermeldung nicht geht) und nach dem Neustart des Pcs kamen immer noch die selben Fehlermeldungen und ich habe im moment auch noch keine Verbesserung bemerkt. Hier das neue Logfile. Das Einzige was mir aufgefallen wäre ist dass meine IE Startseite gelöscht wurde. Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Programme\Search Settings\kb127\SearchSettings.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://googel.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}\defaults\preferences folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}\defaults folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}\content folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7} folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\modules folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\components folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\skin folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale\en-US folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp\plugins folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp\content folder moved successfully.
C:\Users\philipp\AppData\Roaming\mozilla\Firefox\Profiles\vzkwfv5c.default\extensions\nostmp folder moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\daemon-search.xml moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions folder moved successfully.
Folder C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
C:\Programme\PriceGong\2.5.0\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Programme\Search Settings\kb127\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{253e8769-481f-11dc-999d-001a9250b66c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253e8769-481f-11dc-999d-001a9250b66c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{253e8769-481f-11dc-999d-001a9250b66c}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8350c229-68b8-11df-bbdb-001a4f9d9f65}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7f24e9-551b-11df-9179-001a9250b66c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a7f24e9-551b-11df-9179-001a9250b66c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7f24e9-551b-11df-9179-001a9250b66c}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd252f6d-a2e6-11df-8885-86c9b9560560}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd252f6d-a2e6-11df-8885-86c9b9560560}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd252f6d-a2e6-11df-8885-86c9b9560560}\ not found.
File G:\pushinst.exe not found.
C:\Users\philipp\AppData\Roaming\Babylon folder moved successfully.
C:\Users\philipp\AppData\Roaming\ICQ Toolbar folder moved successfully.
C:\Users\philipp\AppData\Roaming\Uduc folder moved successfully.
C:\Users\philipp\AppData\Roaming\Zegoyt folder moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: philipp
->Temp folder emptied: 37802033 bytes
->Temporary Internet Files folder emptied: 1557746393 bytes
->Java cache emptied: 59424 bytes
->FireFox cache emptied: 144048704 bytes
->Apple Safari cache emptied: 99001344 bytes
->Flash cache emptied: 3121245 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8145892 bytes
RecycleBin emptied: 2657599382 bytes
Total Files Cleaned = 4.299,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 10252011_214912
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
26.10.2011, 09:44
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System 32 Fehlermeldung Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.10.2011, 16:44
| #11 |
| | System 32 Fehlermeldung Hab den Scan gemacht, ab wann sollte ich den unhide.exe laden und ausführen? Hätte keine der beschriebenen Probleme bemerkt? Code:
ATTFilter iproxy.sys
17:37:46.0343 1704 nsiproxy - ok
17:37:46.0546 1704 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
17:37:46.0656 1704 Ntfs - ok
17:37:46.0734 1704 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:37:46.0812 1704 ntrigdigi - ok
17:37:46.0859 1704 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:37:46.0906 1704 Null - ok
17:37:46.0953 1704 nvatabus (7d960340be5b0e008bb94e4c3b991339) C:\Windows\system32\drivers\nvatabus.sys
17:37:46.0984 1704 nvatabus - ok
17:37:47.0765 1704 nvlddmkm (484844c0d892b42ecc5e6b063d072a38) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:37:48.0421 1704 nvlddmkm - ok
17:37:48.0531 1704 nvraid (52f54c59a0ec7920c23638313e99e43c) C:\Windows\system32\drivers\nvraid.sys
17:37:48.0546 1704 nvraid - ok
17:37:48.0750 1704 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:37:48.0781 1704 nvstor - ok
17:37:48.0953 1704 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:37:48.0953 1704 nv_agp - ok
17:37:49.0203 1704 NwlnkFlt - ok
17:37:49.0375 1704 NwlnkFwd - ok
17:37:49.0468 1704 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
17:37:49.0531 1704 ohci1394 - ok
17:37:49.0625 1704 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:37:49.0718 1704 Parport - ok
17:37:49.0859 1704 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
17:37:49.0859 1704 partmgr - ok
17:37:50.0000 1704 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:37:50.0078 1704 Parvdm - ok
17:37:50.0140 1704 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
17:37:50.0156 1704 pci - ok
17:37:50.0187 1704 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:37:50.0187 1704 pciide - ok
17:37:50.0234 1704 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:37:50.0250 1704 pcmcia - ok
17:37:50.0312 1704 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:37:50.0437 1704 PEAUTH - ok
17:37:50.0562 1704 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:37:50.0609 1704 PptpMiniport - ok
17:37:50.0656 1704 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:37:50.0734 1704 Processor - ok
17:37:50.0875 1704 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
17:37:50.0937 1704 PSched - ok
17:37:51.0015 1704 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:37:51.0562 1704 ql2300 - ok
17:37:51.0609 1704 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:37:51.0625 1704 ql40xx - ok
17:37:51.0718 1704 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:37:51.0750 1704 QWAVEdrv - ok
17:37:51.0812 1704 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:37:51.0859 1704 RasAcd - ok
17:37:51.0953 1704 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:37:52.0015 1704 Rasl2tp - ok
17:37:52.0187 1704 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
17:37:52.0250 1704 RasPppoe - ok
17:37:52.0312 1704 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
17:37:52.0375 1704 RasSstp - ok
17:37:52.0468 1704 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
17:37:52.0500 1704 rdbss - ok
17:37:52.0531 1704 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:37:52.0593 1704 RDPCDD - ok
17:37:52.0843 1704 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:37:52.0906 1704 rdpdr - ok
17:37:53.0015 1704 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:37:53.0062 1704 RDPENCDD - ok
17:37:53.0140 1704 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
17:37:53.0203 1704 RDPWD - ok
17:37:53.0328 1704 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:37:53.0359 1704 rspndr - ok
17:37:53.0421 1704 RTL8023xp (f7a8c9024e82534cec50613d87e88645) C:\Windows\system32\DRIVERS\Rtnicxp.sys
17:37:53.0515 1704 RTL8023xp - ok
17:37:53.0546 1704 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:37:53.0593 1704 sbp2port - ok
17:37:53.0796 1704 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:37:53.0875 1704 secdrv - ok
17:37:53.0984 1704 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
17:37:54.0046 1704 Serenum - ok
17:37:54.0171 1704 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
17:37:54.0218 1704 Serial - ok
17:37:54.0281 1704 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:37:54.0312 1704 sermouse - ok
17:37:54.0437 1704 sfdrv01 (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys
17:37:54.0500 1704 sfdrv01 - ok
17:37:54.0765 1704 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\Windows\system32\drivers\sfdrv01a.sys
17:37:54.0796 1704 sfdrv01a - ok
17:37:54.0843 1704 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:37:54.0906 1704 sffdisk - ok
17:37:54.0937 1704 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:37:55.0000 1704 sffp_mmc - ok
17:37:55.0062 1704 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:37:55.0125 1704 sffp_sd - ok
17:37:55.0187 1704 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
17:37:55.0187 1704 sfhlp02 - ok
17:37:55.0218 1704 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:37:55.0281 1704 sfloppy - ok
17:37:55.0359 1704 sfsync02 (6dc03269f4c71e4ab313c3597f42a340) C:\Windows\system32\drivers\sfsync02.sys
17:37:55.0375 1704 sfsync02 - ok
17:37:55.0421 1704 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:37:55.0437 1704 sisagp - ok
17:37:55.0468 1704 SiSRaid2 (b8a2f8dcdc75f19962d975727f393920) C:\Windows\system32\drivers\sisraid2.sys
17:37:55.0531 1704 SiSRaid2 - ok
17:37:55.0562 1704 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:37:55.0562 1704 SiSRaid4 - ok
17:37:55.0625 1704 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
17:37:55.0671 1704 Smb - ok
17:37:55.0734 1704 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:37:55.0734 1704 spldr - ok
17:37:55.0921 1704 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
17:37:55.0953 1704 sptd - ok
17:37:56.0046 1704 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
17:37:56.0156 1704 srv - ok
17:37:56.0265 1704 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
17:37:56.0359 1704 srv2 - ok
17:37:56.0406 1704 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
17:37:56.0453 1704 srvnet - ok
17:37:56.0531 1704 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:37:56.0546 1704 ssmdrv ( UnsignedFile.Multi.Generic ) - warning
17:37:56.0546 1704 ssmdrv - detected UnsignedFile.Multi.Generic (1)
17:37:56.0609 1704 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:37:56.0609 1704 swenum - ok
17:37:56.0687 1704 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:37:56.0703 1704 Symc8xx - ok
17:37:56.0765 1704 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:37:56.0796 1704 Sym_hi - ok
17:37:56.0875 1704 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:37:56.0875 1704 Sym_u3 - ok
17:37:57.0046 1704 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\Windows\system32\drivers\tandpl.sys
17:37:57.0078 1704 tandpl ( UnsignedFile.Multi.Generic ) - warning
17:37:57.0078 1704 tandpl - detected UnsignedFile.Multi.Generic (1)
17:37:57.0187 1704 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys
17:37:57.0203 1704 TBPanel - ok
17:37:57.0281 1704 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
17:37:57.0328 1704 Tcpip - ok
17:37:57.0593 1704 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
17:37:57.0625 1704 Tcpip6 - ok
17:37:57.0734 1704 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
17:37:57.0765 1704 tcpipreg - ok
17:37:57.0843 1704 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:37:57.0890 1704 TDPIPE - ok
17:37:57.0921 1704 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:37:57.0968 1704 TDTCP - ok
17:37:58.0015 1704 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
17:37:58.0046 1704 tdx - ok
17:37:58.0093 1704 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
17:37:58.0093 1704 TermDD - ok
17:37:58.0156 1704 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:37:58.0203 1704 tssecsrv - ok
17:37:58.0250 1704 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:37:58.0312 1704 tunmp - ok
17:37:58.0359 1704 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
17:37:58.0421 1704 tunnel - ok
17:37:58.0453 1704 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:37:58.0468 1704 uagp35 - ok
17:37:58.0546 1704 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
17:37:58.0593 1704 udfs - ok
17:37:58.0703 1704 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:37:58.0734 1704 uliagpkx - ok
17:37:58.0765 1704 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:37:58.0781 1704 uliahci - ok
17:37:58.0796 1704 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:37:58.0812 1704 UlSata - ok
17:37:58.0843 1704 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:37:58.0859 1704 ulsata2 - ok
17:37:58.0906 1704 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:37:58.0921 1704 umbus - ok
17:37:58.0968 1704 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
17:37:59.0031 1704 USBAAPL - ok
17:37:59.0062 1704 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:37:59.0109 1704 usbccgp - ok
17:37:59.0187 1704 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:37:59.0265 1704 usbcir - ok
17:37:59.0312 1704 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
17:37:59.0328 1704 usbehci - ok
17:37:59.0359 1704 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
17:37:59.0375 1704 usbhub - ok
17:37:59.0406 1704 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
17:37:59.0453 1704 usbohci - ok
17:37:59.0656 1704 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:37:59.0750 1704 usbprint - ok
17:37:59.0906 1704 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:37:59.0937 1704 USBSTOR - ok
17:37:59.0968 1704 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:38:00.0015 1704 usbuhci - ok
17:38:00.0062 1704 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:38:00.0125 1704 vga - ok
17:38:00.0171 1704 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:38:00.0203 1704 VgaSave - ok
17:38:00.0265 1704 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:38:00.0265 1704 viaagp - ok
17:38:00.0312 1704 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:38:00.0375 1704 ViaC7 - ok
17:38:00.0421 1704 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
17:38:00.0421 1704 viaide - ok
17:38:00.0453 1704 viamraid (9f3f276c7300ed211129757a411b605f) C:\Windows\system32\drivers\viamraid.sys
17:38:00.0515 1704 viamraid - ok
17:38:00.0546 1704 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:38:00.0546 1704 volmgr - ok
17:38:00.0593 1704 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
17:38:00.0609 1704 volmgrx - ok
17:38:00.0671 1704 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
17:38:00.0671 1704 volsnap - ok
17:38:00.0718 1704 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:38:00.0718 1704 vsmraid - ok
17:38:00.0765 1704 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:38:00.0843 1704 WacomPen - ok
17:38:00.0890 1704 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:00.0906 1704 Wanarp - ok
17:38:00.0906 1704 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:00.0921 1704 Wanarpv6 - ok
17:38:00.0968 1704 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:38:00.0968 1704 Wd - ok
17:38:01.0015 1704 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:38:01.0046 1704 Wdf01000 - ok
17:38:01.0265 1704 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:38:01.0359 1704 WmiAcpi - ok
17:38:01.0437 1704 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
17:38:01.0453 1704 WpdUsb - ok
17:38:01.0484 1704 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:38:01.0531 1704 ws2ifsl - ok
17:38:01.0625 1704 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:38:01.0671 1704 WUDFRd - ok
17:38:01.0750 1704 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:38:01.0781 1704 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:38:01.0781 1704 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:38:01.0796 1704 Boot (0x1200) (1a4e59b52b4ddc3e7083f257fd761a36) \Device\Harddisk0\DR0\Partition0
17:38:01.0796 1704 \Device\Harddisk0\DR0\Partition0 - ok
17:38:01.0828 1704 Boot (0x1200) (96288a61c20efaeb71380a61c6081881) \Device\Harddisk0\DR0\Partition1
17:38:01.0828 1704 \Device\Harddisk0\DR0\Partition1 - ok
17:38:01.0828 1704 ============================================================
17:38:01.0828 1704 Scan finished
17:38:01.0828 1704 ============================================================
17:38:01.0843 1696 Detected object count: 4
17:38:01.0843 1696 Actual detected object count: 4
17:38:19.0281 1696 enodpl ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:19.0281 1696 enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:19.0281 1696 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:19.0281 1696 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:19.0281 1696 tandpl ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:19.0281 1696 tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:19.0281 1696 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:38:19.0281 1696 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|
|
26.10.2011, 19:37
| #12 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | System 32 FehlermeldungZitat:
Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.10.2011, 22:33
| #13 |
| | System 32 Fehlermeldung Ja gut dann hab ich das schon richtig verstanden. Die TDSS-Datei habe ich jetzt mit dem Killer gelöscht, gebracht hat das aber noch nichts, hab ich vll irgendwas falsch gemacht? Hier mal die neue LogDatei. Code:
ATTFilter 23:26:22.0562 1772 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
23:26:22.0562 1772 ============================================================
23:26:22.0562 1772 Current date / time: 2011/10/26 23:26:22.0562
23:26:22.0562 1772 SystemInfo:
23:26:22.0562 1772
23:26:22.0562 1772 OS Version: 6.0.6001 ServicePack: 1.0
23:26:22.0562 1772 Product type: Workstation
23:26:22.0562 1772 ComputerName: PHILIPP
23:26:22.0578 1772 UserName: philipp
23:26:22.0578 1772 Windows directory: C:\Windows
23:26:22.0578 1772 System windows directory: C:\Windows
23:26:22.0578 1772 Processor architecture: Intel x86
23:26:22.0578 1772 Number of processors: 2
23:26:22.0578 1772 Page size: 0x1000
23:26:22.0578 1772 Boot type: Safe boot
23:26:22.0578 1772 ============================================================
23:26:24.0187 1772 Initialize success
23:26:27.0890 1796 ============================================================
23:26:27.0890 1796 Scan started
23:26:27.0890 1796 Mode: Manual; SigCheck; TDLFS;
23:26:27.0890 1796 ============================================================
23:26:29.0453 1796 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
23:26:29.0562 1796 ACPI - ok
23:26:29.0640 1796 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
23:26:29.0671 1796 adp94xx - ok
23:26:29.0750 1796 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
23:26:29.0765 1796 adpahci - ok
23:26:29.0796 1796 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
23:26:29.0812 1796 adpu160m - ok
23:26:29.0843 1796 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
23:26:29.0843 1796 adpu320 - ok
23:26:29.0937 1796 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
23:26:30.0125 1796 AFD - ok
23:26:30.0187 1796 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
23:26:30.0218 1796 agp440 - ok
23:26:30.0281 1796 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:26:30.0296 1796 aic78xx - ok
23:26:30.0437 1796 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
23:26:30.0468 1796 aliide - ok
23:26:30.0531 1796 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
23:26:30.0546 1796 amdagp - ok
23:26:30.0578 1796 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
23:26:30.0578 1796 amdide - ok
23:26:30.0625 1796 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
23:26:31.0250 1796 AmdK7 - ok
23:26:31.0343 1796 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
23:26:31.0406 1796 AmdK8 - ok
23:26:31.0593 1796 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
23:26:31.0656 1796 AmdLLD - ok
23:26:32.0140 1796 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
23:26:32.0156 1796 arc - ok
23:26:32.0234 1796 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
23:26:32.0250 1796 arcsas - ok
23:26:32.0468 1796 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:26:32.0531 1796 AsyncMac - ok
23:26:32.0593 1796 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
23:26:32.0593 1796 atapi - ok
23:26:32.0843 1796 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
23:26:32.0937 1796 atksgt - ok
23:26:33.0109 1796 avgio (87828ecd657f81503465ac705e845076) C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
23:26:33.0125 1796 avgio - ok
23:26:33.0156 1796 avgntflt (fcb30820bed1d3feb55e3dd55a3f947f) C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
23:26:33.0156 1796 avgntflt - ok
23:26:33.0203 1796 avipbb (0b09df022250fb7ba91fb932eac6ea9b) C:\Windows\system32\DRIVERS\avipbb.sys
23:26:33.0234 1796 avipbb - ok
23:26:33.0359 1796 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:26:33.0406 1796 Beep - ok
23:26:33.0468 1796 blbdrive - ok
23:26:33.0546 1796 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
23:26:33.0625 1796 bowser - ok
23:26:33.0687 1796 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:26:33.0781 1796 BrFiltLo - ok
23:26:33.0843 1796 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:26:33.0890 1796 BrFiltUp - ok
23:26:33.0968 1796 Bridge (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys
23:26:34.0015 1796 Bridge - ok
23:26:34.0031 1796 BridgeMP (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys
23:26:34.0062 1796 BridgeMP - ok
23:26:34.0156 1796 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:26:34.0234 1796 Brserid - ok
23:26:34.0250 1796 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:26:34.0328 1796 BrSerWdm - ok
23:26:34.0359 1796 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:26:34.0437 1796 BrUsbMdm - ok
23:26:34.0468 1796 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:26:34.0546 1796 BrUsbSer - ok
23:26:34.0562 1796 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:26:34.0640 1796 BTHMODEM - ok
23:26:34.0687 1796 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:26:34.0734 1796 cdfs - ok
23:26:34.0781 1796 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
23:26:34.0828 1796 cdrom - ok
23:26:34.0906 1796 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
23:26:34.0984 1796 circlass - ok
23:26:35.0046 1796 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
23:26:35.0109 1796 CLFS - ok
23:26:35.0187 1796 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
23:26:35.0187 1796 cmdide - ok
23:26:35.0218 1796 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
23:26:35.0234 1796 Compbatt - ok
23:26:35.0296 1796 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
23:26:35.0328 1796 crcdisk - ok
23:26:35.0375 1796 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
23:26:35.0437 1796 Crusoe - ok
23:26:35.0515 1796 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
23:26:35.0578 1796 DfsC - ok
23:26:35.0703 1796 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
23:26:35.0734 1796 disk - ok
23:26:35.0859 1796 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:26:35.0906 1796 drmkaud - ok
23:26:35.0968 1796 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
23:26:36.0046 1796 DXGKrnl - ok
23:26:36.0109 1796 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:26:36.0203 1796 E1G60 - ok
23:26:36.0296 1796 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
23:26:36.0312 1796 Ecache - ok
23:26:36.0375 1796 ElbyCDIO (b5326548762bfaae7a42d5b0898dfeac) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:26:36.0375 1796 ElbyCDIO - ok
23:26:36.0453 1796 ElbyDelay (20d3b81663b3dfd5e32b0af8640aaf50) C:\Windows\system32\Drivers\ElbyDelay.sys
23:26:36.0468 1796 ElbyDelay - ok
23:26:36.0515 1796 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
23:26:36.0546 1796 elxstor - ok
23:26:36.0671 1796 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\Windows\system32\drivers\enodpl.sys
23:26:36.0703 1796 enodpl ( UnsignedFile.Multi.Generic ) - warning
23:26:36.0703 1796 enodpl - detected UnsignedFile.Multi.Generic (1)
23:26:36.0781 1796 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
23:26:36.0859 1796 exfat - ok
23:26:36.0937 1796 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
23:26:36.0984 1796 fastfat - ok
23:26:37.0062 1796 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
23:26:37.0156 1796 fdc - ok
23:26:37.0281 1796 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:26:37.0296 1796 FileInfo - ok
23:26:37.0328 1796 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:26:37.0359 1796 Filetrace - ok
23:26:37.0453 1796 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
23:26:37.0593 1796 flpydisk - ok
23:26:37.0671 1796 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
23:26:37.0671 1796 FltMgr - ok
23:26:37.0718 1796 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:26:37.0750 1796 Fs_Rec - ok
23:26:37.0812 1796 FWLANUSB (b45f1df1cce34e2af422f0ed78cd70ef) C:\Windows\system32\DRIVERS\fwlanusb.sys
23:26:37.0875 1796 FWLANUSB - ok
23:26:37.0968 1796 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
23:26:37.0968 1796 gagp30kx - ok
23:26:38.0046 1796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
23:26:38.0046 1796 GEARAspiWDM - ok
23:26:38.0187 1796 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
23:26:38.0187 1796 hamachi - ok
23:26:38.0312 1796 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:26:38.0390 1796 HdAudAddService - ok
23:26:38.0453 1796 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:26:38.0515 1796 HDAudBus - ok
23:26:38.0546 1796 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:26:38.0609 1796 HidBth - ok
23:26:38.0656 1796 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:26:38.0718 1796 HidIr - ok
23:26:38.0812 1796 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
23:26:38.0859 1796 HidUsb - ok
23:26:38.0953 1796 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
23:26:38.0968 1796 HpCISSs - ok
23:26:39.0093 1796 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
23:26:39.0156 1796 HTTP - ok
23:26:39.0203 1796 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
23:26:39.0203 1796 i2omp - ok
23:26:39.0265 1796 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:26:39.0312 1796 i8042prt - ok
23:26:39.0390 1796 iaStor (294110966cedd127629c5be48367c8cf) C:\Windows\system32\drivers\iastor.sys
23:26:39.0437 1796 iaStor - ok
23:26:39.0500 1796 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
23:26:39.0515 1796 iaStorV - ok
23:26:39.0640 1796 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:26:39.0640 1796 iirsp - ok
23:26:39.0781 1796 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys
23:26:39.0921 1796 IntcAzAudAddService - ok
23:26:40.0015 1796 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
23:26:40.0031 1796 intelide - ok
23:26:40.0062 1796 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
23:26:40.0140 1796 intelppm - ok
23:26:40.0203 1796 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:26:40.0265 1796 IpFilterDriver - ok
23:26:40.0359 1796 IpInIp - ok
23:26:40.0421 1796 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
23:26:40.0500 1796 IPMIDRV - ok
23:26:40.0546 1796 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:26:40.0562 1796 IPNAT - ok
23:26:40.0609 1796 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:26:40.0640 1796 IRENUM - ok
23:26:40.0687 1796 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
23:26:40.0703 1796 isapnp - ok
23:26:40.0796 1796 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
23:26:40.0796 1796 iScsiPrt - ok
23:26:40.0906 1796 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:26:40.0921 1796 iteatapi - ok
23:26:41.0000 1796 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:26:41.0031 1796 iteraid - ok
23:26:41.0093 1796 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:26:41.0109 1796 kbdclass - ok
23:26:41.0156 1796 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
23:26:41.0218 1796 kbdhid - ok
23:26:41.0281 1796 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
23:26:41.0328 1796 KSecDD - ok
23:26:41.0484 1796 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
23:26:41.0484 1796 Lavasoft Kernexplorer - ok
23:26:41.0609 1796 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
23:26:41.0609 1796 Lbd - ok
23:26:41.0671 1796 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
23:26:41.0703 1796 lirsgt - ok
23:26:41.0750 1796 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:26:41.0781 1796 lltdio - ok
23:26:41.0828 1796 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
23:26:41.0828 1796 LSI_FC - ok
23:26:41.0859 1796 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
23:26:41.0875 1796 LSI_SAS - ok
23:26:41.0937 1796 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
23:26:41.0968 1796 LSI_SCSI - ok
23:26:42.0000 1796 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:26:42.0046 1796 luafv - ok
23:26:42.0078 1796 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
23:26:42.0093 1796 megasas - ok
23:26:42.0187 1796 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:26:42.0250 1796 Modem - ok
23:26:42.0296 1796 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:26:42.0359 1796 monitor - ok
23:26:42.0453 1796 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:26:42.0468 1796 mouclass - ok
23:26:42.0484 1796 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:26:42.0546 1796 mouhid - ok
23:26:42.0593 1796 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:26:42.0609 1796 MountMgr - ok
23:26:42.0703 1796 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
23:26:42.0734 1796 mpio - ok
23:26:42.0765 1796 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:26:42.0828 1796 mpsdrv - ok
23:26:42.0859 1796 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:26:42.0890 1796 Mraid35x - ok
23:26:42.0937 1796 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
23:26:43.0187 1796 MRxDAV - ok
23:26:43.0328 1796 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:26:43.0390 1796 mrxsmb - ok
23:26:43.0468 1796 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:26:43.0484 1796 mrxsmb10 - ok
23:26:43.0515 1796 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:26:43.0562 1796 mrxsmb20 - ok
23:26:43.0640 1796 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
23:26:43.0656 1796 msahci - ok
23:26:43.0687 1796 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
23:26:43.0718 1796 msdsm - ok
23:26:43.0765 1796 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:26:43.0828 1796 Msfs - ok
23:26:43.0875 1796 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:26:43.0890 1796 msisadrv - ok
23:26:43.0937 1796 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:26:43.0984 1796 MSKSSRV - ok
23:26:44.0062 1796 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:26:44.0125 1796 MSPCLOCK - ok
23:26:44.0187 1796 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:26:44.0218 1796 MSPQM - ok
23:26:44.0265 1796 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
23:26:44.0281 1796 MsRPC - ok
23:26:44.0296 1796 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:26:44.0312 1796 mssmbios - ok
23:26:44.0328 1796 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:26:44.0375 1796 MSTEE - ok
23:26:44.0453 1796 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
23:26:44.0453 1796 Mup - ok
23:26:44.0500 1796 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
23:26:44.0531 1796 NativeWifiP - ok
23:26:44.0640 1796 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
23:26:44.0687 1796 NDIS - ok
23:26:44.0796 1796 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:26:44.0859 1796 NdisTapi - ok
23:26:44.0906 1796 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:26:44.0968 1796 Ndisuio - ok
23:26:45.0000 1796 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
23:26:45.0031 1796 NdisWan - ok
23:26:45.0093 1796 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:26:45.0187 1796 NDProxy - ok
23:26:45.0312 1796 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:26:45.0359 1796 NetBIOS - ok
23:26:45.0406 1796 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
23:26:45.0453 1796 netbt - ok
23:26:45.0562 1796 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:26:45.0593 1796 nfrd960 - ok
23:26:45.0625 1796 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
23:26:45.0671 1796 Npfs - ok
23:26:45.0718 1796 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:26:45.0750 1796 nsiproxy - ok
23:26:45.0921 1796 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
23:26:45.0968 1796 Ntfs - ok
23:26:46.0046 1796 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:26:46.0125 1796 ntrigdigi - ok
23:26:46.0265 1796 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:26:46.0312 1796 Null - ok
23:26:46.0406 1796 nvatabus (7d960340be5b0e008bb94e4c3b991339) C:\Windows\system32\drivers\nvatabus.sys
23:26:46.0453 1796 nvatabus - ok
23:26:46.0921 1796 nvlddmkm (484844c0d892b42ecc5e6b063d072a38) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:26:47.0359 1796 nvlddmkm - ok
23:26:47.0500 1796 nvraid (52f54c59a0ec7920c23638313e99e43c) C:\Windows\system32\drivers\nvraid.sys
23:26:47.0515 1796 nvraid - ok
23:26:47.0562 1796 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
23:26:47.0578 1796 nvstor - ok
23:26:47.0625 1796 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
23:26:47.0640 1796 nv_agp - ok
23:26:47.0640 1796 NwlnkFlt - ok
23:26:47.0656 1796 NwlnkFwd - ok
23:26:47.0718 1796 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
23:26:47.0765 1796 ohci1394 - ok
23:26:47.0812 1796 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:26:47.0859 1796 Parport - ok
23:26:47.0890 1796 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
23:26:47.0906 1796 partmgr - ok
23:26:47.0921 1796 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:26:48.0000 1796 Parvdm - ok
23:26:48.0046 1796 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
23:26:48.0062 1796 pci - ok
23:26:48.0093 1796 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:26:48.0093 1796 pciide - ok
23:26:48.0140 1796 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:26:48.0156 1796 pcmcia - ok
23:26:48.0218 1796 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:26:48.0343 1796 PEAUTH - ok
23:26:48.0515 1796 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:26:48.0562 1796 PptpMiniport - ok
23:26:48.0609 1796 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
23:26:48.0671 1796 Processor - ok
23:26:48.0765 1796 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
23:26:48.0828 1796 PSched - ok
23:26:48.0890 1796 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
23:26:48.0937 1796 ql2300 - ok
23:26:48.0984 1796 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:26:49.0000 1796 ql40xx - ok
23:26:49.0062 1796 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:26:49.0062 1796 QWAVEdrv - ok
23:26:49.0109 1796 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:26:49.0156 1796 RasAcd - ok
23:26:49.0218 1796 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:26:49.0281 1796 Rasl2tp - ok
23:26:49.0343 1796 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
23:26:49.0390 1796 RasPppoe - ok
23:26:49.0484 1796 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
23:26:49.0531 1796 RasSstp - ok
23:26:49.0578 1796 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
23:26:49.0609 1796 rdbss - ok
23:26:49.0656 1796 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:26:49.0671 1796 RDPCDD - ok
23:26:49.0718 1796 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
23:26:49.0781 1796 rdpdr - ok
23:26:49.0828 1796 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:26:49.0843 1796 RDPENCDD - ok
23:26:49.0890 1796 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
23:26:49.0953 1796 RDPWD - ok
23:26:50.0015 1796 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:26:50.0046 1796 rspndr - ok
23:26:50.0078 1796 RTL8023xp (f7a8c9024e82534cec50613d87e88645) C:\Windows\system32\DRIVERS\Rtnicxp.sys
23:26:50.0125 1796 RTL8023xp - ok
23:26:50.0156 1796 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:26:50.0156 1796 sbp2port - ok
23:26:50.0218 1796 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:26:50.0296 1796 secdrv - ok
23:26:50.0328 1796 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
23:26:50.0390 1796 Serenum - ok
23:26:50.0421 1796 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
23:26:50.0468 1796 Serial - ok
23:26:50.0578 1796 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:26:50.0609 1796 sermouse - ok
23:26:50.0687 1796 sfdrv01 (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys
23:26:50.0687 1796 sfdrv01 - ok
23:26:50.0718 1796 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\Windows\system32\drivers\sfdrv01a.sys
23:26:50.0734 1796 sfdrv01a - ok
23:26:50.0765 1796 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
23:26:50.0812 1796 sffdisk - ok
23:26:50.0843 1796 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
23:26:50.0921 1796 sffp_mmc - ok
23:26:50.0937 1796 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
23:26:50.0984 1796 sffp_sd - ok
23:26:51.0125 1796 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
23:26:51.0140 1796 sfhlp02 - ok
23:26:51.0250 1796 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:26:51.0296 1796 sfloppy - ok
23:26:51.0546 1796 sfsync02 (6dc03269f4c71e4ab313c3597f42a340) C:\Windows\system32\drivers\sfsync02.sys
23:26:51.0562 1796 sfsync02 - ok
23:26:51.0734 1796 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
23:26:51.0750 1796 sisagp - ok
23:26:51.0843 1796 SiSRaid2 (b8a2f8dcdc75f19962d975727f393920) C:\Windows\system32\drivers\sisraid2.sys
23:26:51.0937 1796 SiSRaid2 - ok
23:26:52.0000 1796 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
23:26:52.0000 1796 SiSRaid4 - ok
23:26:52.0062 1796 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
23:26:52.0078 1796 Smb - ok
23:26:52.0140 1796 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:26:52.0156 1796 spldr - ok
23:26:52.0234 1796 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
23:26:52.0265 1796 sptd - ok
23:26:52.0375 1796 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
23:26:52.0453 1796 srv - ok
23:26:52.0484 1796 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
23:26:52.0546 1796 srv2 - ok
23:26:52.0578 1796 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
23:26:52.0625 1796 srvnet - ok
23:26:52.0687 1796 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
23:26:52.0718 1796 ssmdrv ( UnsignedFile.Multi.Generic ) - warning
23:26:52.0718 1796 ssmdrv - detected UnsignedFile.Multi.Generic (1)
23:26:52.0765 1796 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:26:52.0765 1796 swenum - ok
23:26:52.0812 1796 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:26:52.0812 1796 Symc8xx - ok
23:26:52.0875 1796 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:26:52.0875 1796 Sym_hi - ok
23:26:52.0906 1796 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:26:52.0921 1796 Sym_u3 - ok
23:26:53.0000 1796 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\Windows\system32\drivers\tandpl.sys
23:26:53.0031 1796 tandpl ( UnsignedFile.Multi.Generic ) - warning
23:26:53.0031 1796 tandpl - detected UnsignedFile.Multi.Generic (1)
23:26:53.0109 1796 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys
23:26:53.0125 1796 TBPanel - ok
23:26:53.0187 1796 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
23:26:53.0234 1796 Tcpip - ok
23:26:53.0328 1796 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
23:26:53.0359 1796 Tcpip6 - ok
23:26:53.0421 1796 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
23:26:53.0437 1796 tcpipreg - ok
23:26:53.0484 1796 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:26:53.0531 1796 TDPIPE - ok
23:26:53.0578 1796 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:26:53.0625 1796 TDTCP - ok
23:26:53.0671 1796 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
23:26:53.0687 1796 tdx - ok
23:26:53.0734 1796 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
23:26:53.0750 1796 TermDD - ok
23:26:53.0812 1796 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:26:53.0859 1796 tssecsrv - ok
23:26:53.0937 1796 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:26:53.0984 1796 tunmp - ok
23:26:54.0031 1796 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
23:26:54.0078 1796 tunnel - ok
23:26:54.0125 1796 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
23:26:54.0125 1796 uagp35 - ok
23:26:54.0171 1796 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
23:26:54.0187 1796 udfs - ok
23:26:54.0234 1796 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
23:26:54.0234 1796 uliagpkx - ok
23:26:54.0265 1796 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:26:54.0281 1796 uliahci - ok
23:26:54.0312 1796 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:26:54.0312 1796 UlSata - ok
23:26:54.0343 1796 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:26:54.0359 1796 ulsata2 - ok
23:26:54.0390 1796 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:26:54.0421 1796 umbus - ok
23:26:54.0453 1796 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
23:26:54.0515 1796 USBAAPL - ok
23:26:54.0546 1796 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:26:54.0593 1796 usbccgp - ok
23:26:54.0640 1796 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:26:54.0703 1796 usbcir - ok
23:26:54.0781 1796 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
23:26:54.0796 1796 usbehci - ok
23:26:54.0843 1796 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
23:26:54.0859 1796 usbhub - ok
23:26:54.0906 1796 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
23:26:54.0953 1796 usbohci - ok
23:26:55.0015 1796 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:26:55.0062 1796 usbprint - ok
23:26:55.0109 1796 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:26:55.0156 1796 USBSTOR - ok
23:26:55.0203 1796 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
23:26:55.0250 1796 usbuhci - ok
23:26:55.0296 1796 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:26:55.0359 1796 vga - ok
23:26:55.0406 1796 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:26:55.0421 1796 VgaSave - ok
23:26:55.0453 1796 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
23:26:55.0468 1796 viaagp - ok
23:26:55.0484 1796 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:26:55.0562 1796 ViaC7 - ok
23:26:55.0593 1796 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
23:26:55.0593 1796 viaide - ok
23:26:55.0640 1796 viamraid (9f3f276c7300ed211129757a411b605f) C:\Windows\system32\drivers\viamraid.sys
23:26:55.0703 1796 viamraid - ok
23:26:55.0765 1796 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:26:55.0765 1796 volmgr - ok
23:26:55.0812 1796 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
23:26:55.0828 1796 volmgrx - ok
23:26:55.0890 1796 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
23:26:55.0906 1796 volsnap - ok
23:26:55.0921 1796 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:26:55.0921 1796 vsmraid - ok
23:26:55.0968 1796 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:26:56.0031 1796 WacomPen - ok
23:26:56.0078 1796 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:26:56.0093 1796 Wanarp - ok
23:26:56.0109 1796 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:26:56.0125 1796 Wanarpv6 - ok
23:26:56.0156 1796 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:26:56.0156 1796 Wd - ok
23:26:56.0218 1796 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:26:56.0250 1796 Wdf01000 - ok
23:26:56.0312 1796 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
23:26:56.0390 1796 WmiAcpi - ok
23:26:56.0468 1796 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
23:26:56.0484 1796 WpdUsb - ok
23:26:56.0515 1796 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:26:56.0562 1796 ws2ifsl - ok
23:26:56.0656 1796 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:26:56.0703 1796 WUDFRd - ok
23:26:56.0781 1796 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:26:56.0843 1796 \Device\Harddisk0\DR0 - ok
23:26:56.0859 1796 Boot (0x1200) (1a4e59b52b4ddc3e7083f257fd761a36) \Device\Harddisk0\DR0\Partition0
23:26:56.0859 1796 \Device\Harddisk0\DR0\Partition0 - ok
23:26:56.0875 1796 Boot (0x1200) (96288a61c20efaeb71380a61c6081881) \Device\Harddisk0\DR0\Partition1
23:26:56.0875 1796 \Device\Harddisk0\DR0\Partition1 - ok
23:26:56.0875 1796 ============================================================
23:26:56.0875 1796 Scan finished
23:26:56.0875 1796 ============================================================
23:26:56.0890 1788 Detected object count: 3
23:26:56.0890 1788 Actual detected object count: 3
23:27:06.0078 1788 enodpl ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:06.0078 1788 enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:27:06.0078 1788 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:06.0078 1788 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:27:06.0093 1788 tandpl ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:06.0093 1788 tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
27.10.2011, 08:11
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System 32 Fehlermeldung Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.10.2011, 16:01
| #15 |
| | System 32 Fehlermeldung Hier der ComboFix log: Code:
ATTFilter ComboFix 11-10-27.04 - philipp 27.10.2011 16:40:56.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3070.2602 [GMT 2:00]
ausgeführt von:: c:\users\philipp\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\philipp\AppData\Local\._Revolution_
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-09-27 bis 2011-10-27 ))))))))))))))))))))))))))))))
.
.
2011-10-27 14:51 . 2011-10-27 14:52 -------- d-----w- c:\users\philipp\AppData\Local\temp
2011-10-27 14:51 . 2011-10-27 14:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 19:49 . 2011-10-25 19:49 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-25 10:20 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-08-25 10:19 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-08-24 12:28 . 2011-08-24 12:28 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-17 22:47 . 2011-08-17 22:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2011-09-24 11:22 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C667E537-B5B9-4B0B-9640-761E1EA3574D}\mpengine.dll
2011-09-01 21:43 . 2011-08-28 02:36 0 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 06:28 . A944A73CEC5921B871542FE5CC5E03E4 . 88576 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6002.18005_none_3bff339efed611ca\olepro32.dll
[-] 2008-01-19 07:36 . 6FE06C401E5B69A155CE6EAA67A9A28D . 88576 . . [------] . . c:\windows\System32\olepro32.dll
[-] 2008-01-19 07:36 . 6FE06C401E5B69A155CE6EAA67A9A28D . 88576 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6001.18000_none_3a13ba9301b4467e\olepro32.dll
[7] 2006-11-02 09:46 . DF54915B3DD106854F18C678BEB2977D . 88576 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6000.16386_none_37dcf89704c935aa\olepro32.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2008-10-21 15:12 2177576 ----a-w- c:\program files\EXPERTool\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-26 691696]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-07-31 264704]
R3 HRService;Haufe iDesk-Service in c:\program files\Haufe\iDesk\iDeskService\Zope;c:\program files\Haufe\iDesk\iDeskService\iDeskService.exe [2008-08-20 70336]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 07:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mLocal Page =
FF - ProfilePath - c:\users\philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vzkwfv5c.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
regedit=regedit.exe "%1"
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1631550F-191D-4826-B069-D9439253D926} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
AddRemove-Worms2 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-10-27 16:52
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI]
"ImagePath"="system32\drivers\acpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx]
"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci]
"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m]
"ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320]
"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx]
"ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdagp]
"ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7]
"ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8]
"ImagePath"="system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdLLD]
"ImagePath"="system32\DRIVERS\AmdLLD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AntiVirScheduler]
"ImagePath"="\"c:\program files\AntiVir PersonalEdition Classic\sched.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AntiVirService]
"ImagePath"="\"c:\program files\AntiVir PersonalEdition Classic\avguard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Apple Mobile Device]
"ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc]
"ImagePath"="\SystemRoot\system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas]
"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_1.1.4322]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atksgt]
"ImagePath"="system32\DRIVERS\atksgt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Audiosrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgio]
"ImagePath"="\??\c:\program files\AntiVir PersonalEdition Classic\avgio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgntflt]
"ImagePath"="\??\c:\program files\AntiVir PersonalEdition Classic\avgntflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avipbb]
"ImagePath"="system32\DRIVERS\avipbb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVM WLAN Connection Service]
"ImagePath"="c:\program files\avmwlanstick\WlanNetService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS]
"ServiceDll"="%SystemRoot%\System32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive]
"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Bridge]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid]
"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm]
"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm]
"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer]
"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\users\philipp\AppData\Local\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass]
"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt]
"ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk]
"ImagePath"="system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Crusoe]
"ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR]
"ImagePath"="%SystemRoot%\system32\DFSR.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60]
"ImagePath"="system32\DRIVERS\E1G60I32.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache]
"ImagePath"="System32\drivers\ecache.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehstart]
"ServiceDll"="%SystemRoot%\ehome\ehstart.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ElbyCDIO]
"ImagePath"="System32\Drivers\ElbyCDIO.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ElbyDelay]
"ImagePath"="System32\Drivers\ElbyDelay.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor]
"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt]
"ServiceDll"="%systemroot%\system32\emdmgmt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\enodpl]
"ImagePath"="System32\drivers\enodpl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FWLANUSB]
"ImagePath"="system32\DRIVERS\fwlanusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="System32\Drivers\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hamachi]
"ImagePath"="system32\DRIVERS\hamachi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr]
"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs]
"ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HRService]
"ImagePath"="\"c:\program files\Haufe\iDesk\iDeskService\iDeskService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp]
"ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStor]
"ImagePath"="\SystemRoot\system32\drivers\iastor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp]
"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHDA.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt]
"ImagePath"="system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi]
"ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid]
"ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lavasoft Ad-Aware Service]
"ImagePath"="\"c:\program files\Lavasoft\Ad-Aware\AAWService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lavasoft Kernexplorer]
"ImagePath"="\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lbd]
"ImagePath"="system32\DRIVERS\Lbd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lirsgt]
"ImagePath"="system32\DRIVERS\lirsgt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_FC]
"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\megasas]
"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mraid35x]
"ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci]
"ImagePath"="\SystemRoot\system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon]
"ImagePath"="%systemroot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960]
"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntrigdigi]
"ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvatabus]
"ImagePath"="\SystemRoot\system32\drivers\nvatabus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvlddmkm]
"ImagePath"="system32\DRIVERS\nvlddmkm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvsvc]
"ImagePath"="%SystemRoot%\system32\nvvsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport]
"ImagePath"="\SystemRoot\system32\drivers\parport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parvdm]
"ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia]
"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PnkBstrA]
"ImagePath"="c:\windows\system32\PnkBstrA.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor]
"ImagePath"="\SystemRoot\system32\drivers\processr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300]
"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx]
"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr]
"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SBSDWSCService]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\System32\sens.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse]
"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfdrv01]
"ImagePath"="System32\drivers\sfdrv01.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfdrv01a]
"ImagePath"="System32\drivers\sfdrv01a.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfhlp02]
"ImagePath"="System32\drivers\sfhlp02.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy]
"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfsync02]
"ImagePath"="System32\drivers\sfsync02.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp]
"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc]
"ImagePath"="%SystemRoot%\system32\SLsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify]
"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx]
"ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi]
"ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3]
"ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tandpl]
"ImagePath"="System32\drivers\tandpl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBPanel]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TeamViewer]
"ImagePath"="\"c:\program files\TeamViewer3\TeamViewer_Service.exe\" -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TestHandler]
"ImagePath"="c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp]
"ImagePath"="system32\DRIVERS\tunmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35]
"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci]
"ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata]
"ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2]
"ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaC7]
"ImagePath"="\SystemRoot\system32\drivers\viac7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viamraid]
"ImagePath"="\SystemRoot\system32\drivers\viamraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsmraid]
"ImagePath"="system32\drivers\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WacomPen]
"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wd]
"ImagePath"="\SystemRoot\system32\drivers\wd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiAcpi]
"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{2DE49F84-109C-4E97-B9FC-30727990B278}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{3F975C1D-5284-43D1-9A1E-C813BC89BFAB}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{79A80240-1282-48E1-AA54-1A3DB4EF6D58}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{9A298ED5-674B-4843-934D-2F1FD3ACE865}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{9C21FC01-24D2-4219-9A3B-AC3E553DF273}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B7C5D548-6893-4D15-AFE4-2C1FB1E655F9}]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2086985829-3942022371-379819149-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b4,6a,82,cf,6b,bc,f4,99,2b,3a,a9,f0,d8,0c,da,92,18,85,df,ac,f3,a1,87,
eb,35,f5,b5,4b,9a,a1,77,1a,85,70,93,3d,49,c4,4e,fd,cb,4f,02,2e,7c,14,69,66,\
"??"=hex:3d,03,cc,53,87,43,f7,50,5b,a9,63,73,f3,15,be,cc
.
[HKEY_USERS\S-1-5-21-2086985829-3942022371-379819149-1000\Software\SecuROM\License information*]
"datasecu"=hex:5c,19,94,bc,01,a4,88,b9,4c,70,29,6e,2f,50,ea,f5,6c,cd,b7,48,be,
40,c4,ac,2a,1a,51,32,88,43,18,4f,2d,31,6d,38,10,9c,7c,9f,b3,06,f6,e0,0d,d3,\
"rkeysecu"=hex:41,7a,4e,c7,2f,71,66,c6,99,35,57,84,f1,c1,39,88
.
Zeit der Fertigstellung: 2011-10-27 16:55:15
ComboFix-quarantined-files.txt 2011-10-27 14:54
.
Vor Suchlauf: 15 Verzeichnis(se), 43.183.779.840 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 45.808.893.952 Bytes frei
.
- - End Of File - - D064D597DC7EECB8330F90B20854F723
|
|
| Themen zu System 32 Fehlermeldung |
| administrator, browser, explorer, fehlermeldung, fehlermeldungen, funktioniert, gen, hoffe, interne, internet, internet explorer, leute, nicht starten, nichts, problem, programme, recht, recovery, starte, starten, system, system 32, versucht, virenprogramme, woche, wochen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
