| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Link über Facebook geöffnet, Virus?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.10.2011, 07:25
| #1 |
 |  Link über Facebook geöffnet, Virus? Hallo, ich habe folgendes Problem. Ich habe folgenden Link über Facebook geöffnet: [link entfernt von cosinus] Seit dem zeigt mir mein Microsoft Security Essentials dauernd Würmer/Trojaner Meldungen an, was vorher gar nicht der Fall ist. Ich lasse gerade nochmal einen vollständingen Scan laufen. Was macht dieses DING jetzt mit meinem Computer? Habe jetzt immer Angst mich irgendwo eizuloggen, da ich befürchte das die Daten ausgespäht werden (Onlinebanking, Email, Ebay usw.). Wäre sehr froh über Hilfe. Nur muss ich dazu sagen, das ich sehr wenig Ahnung von Computern habe, z.B. sagen mir die viel gelesenen LogFiles nichts. Falls sich jemand erbarmen sollte mir zu helfen, bitte ich Geduld mitzubringen. Danke Da mir keiner antwortet habe ich wohl etwas falsch gemacht bei meinen Beiträgen. Da ich wenig Ahnung von Computern habe, zeige ich euch einfach mal den Screenshot der Würmer die gefunden wurden. Mein Rechner hat Windows 7. Wenn weitere Daten benötigt werden bitte Bescheid sagen. Da auf nachfolgende Themen/Problematik geantwortet wurde nehme ich an, das bei mir immer noch Daten benötigt werden, da ich nicht weiß welche diese sind bitte ich einen Moderator mir kurz auf die Sprünge zu helfen.  Geändert von cosinus (23.10.2011 um 19:32 Uhr) |
|
23.10.2011, 19:33
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Link über Facebook geöffnet, Virus? Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
__________________ |
|
24.10.2011, 18:23
| #3 |
| | Link über Facebook geöffnet, Virus? Hallo, hier die hoffentlich richtige Logfile von Malwarebytes.
__________________Beim zweiten Schritt bleibe ich immer hängen. Da zeigt er mir beim ESET Online Scanner folgendes an: Can not get update. Is proxy configured? |
|
24.10.2011, 18:37
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Link über Facebook geöffnet, Virus?Zitat:
2.) Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.10.2011, 21:40
| #5 |
| | Link über Facebook geöffnet, Virus? Das spuckt er mir jetzt aus. Ach und da ist noch die Frage wegen Onlinebanking, Ebay, Email usw. Kann ich das gefahrlos nutzen? DANKE :-) Geändert von D.A.U. (24.10.2011 um 21:58 Uhr) |
|
25.10.2011, 10:09
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Link über Facebook geöffnet, Virus?Zitat:
CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Link über Facebook geöffnet, Virus? |
|
25.10.2011, 18:20
| #7 |
| | Link über Facebook geöffnet, Virus? Hallo, hier das Ergebnis von OTL und danke Cosinus für die Mühe und Arbeit die du dir machst. Hilfst mir wirklich sehr damit. Danke OTL Logfile: Code:
ATTFilter OTL logfile created on: 10/25/2011 7:02:37 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Toni\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.85 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 67.78% Memory free 7.71 Gb Paging File | 6.27 Gb Available in Paging File | 81.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 231.00 Gb Total Space | 14.23 Gb Free Space | 6.16% Space Free | Partition Type: NTFS Drive D: | 345.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS Drive E: | 6.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: SGD1953 | User Name: Toni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/10/25 18:52:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Toni\Downloads\OTL.exe PRC - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe PRC - [2011/01/17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/08/05 10:08:56 | 003,241,840 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/07/30 10:20:18 | 001,752,680 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe ========== Modules (No Company Name) ========== MOD - [2011/10/13 20:02:13 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/07/07 20:50:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS) SRV - [2010/12/21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/09/23 22:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS) DRV:64bit: - [2011/05/11 22:00:16 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2011/03/31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP) DRV:64bit: - [2011/03/31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2011/03/15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA) DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS) DRV:64bit: - [2011/01/27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON) DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010/07/07 21:30:10 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/07/07 20:15:44 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/06/17 06:34:44 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/06/10 21:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/05/21 06:02:40 | 001,377,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/04/22 04:51:46 | 003,062,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/02/26 09:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV - [2010/12/16 23:50:04 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\EX64.SYS -- (NAVEX15) DRV - [2010/12/16 23:50:04 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\ENG64.SYS -- (NAVENG) DRV - [2010/11/23 04:20:07 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64) DRV - [2010/11/09 02:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101217.001\IDSviA64.sys -- (IDSVia64) DRV - [2010/10/21 22:54:45 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2010/10/21 22:54:45 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010/09/23 23:31:32 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49919 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.2.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\Toni\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011/09/27 20:24:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_2_3 [2011/10/25 18:37:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/05 14:22:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/24 19:16:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/24 19:16:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/05 14:22:21 | 000,000,000 | ---D | M] [2010/10/22 10:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Extensions [2011/10/25 19:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions [2010/11/10 17:37:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010/10/30 00:44:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/08/08 11:48:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011/10/14 21:16:16 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-1.xml [2011/08/29 23:05:45 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-2.xml [2011/09/15 23:06:40 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-3.xml [2011/09/27 20:45:56 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-4.xml [2011/10/24 19:16:53 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-5.xml [2010/11/10 17:37:34 | 000,000,168 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.gif [2010/11/10 17:37:34 | 000,000,618 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.src [2011/07/28 06:37:43 | 000,001,056 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.xml [2011/10/24 21:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/10/13 20:00:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/11/05 14:22:21 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [2011/10/25 18:37:40 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\COFFPLGN_2011_7_2_3 [2011/09/27 20:24:56 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPLGN [2011/10/13 19:59:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/04/29 13:41:02 | 001,480,192 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll [2011/08/03 22:01:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/08/03 22:01:11 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/08/03 22:01:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/08/03 22:01:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/08/03 22:01:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0342942-4453-4215-9D4F-880EB5D5B723}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F27C0B94-38B3-412C-87B5-05FAB074023D}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ] O32 - AutoRun File - [2011/09/07 02:08:12 | 000,032,783 | R--- | M] () - E:\Autorun.ico -- [ UDF ] O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,132 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation) Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/10/24 23:57:42 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Zattoo [2011/10/24 23:56:25 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4 [2011/10/24 23:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4 [2011/10/24 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4 [2011/10/24 20:01:52 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\ElevatedDiagnostics [2011/10/24 19:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/10/23 11:49:23 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Malwarebytes [2011/10/23 11:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/10/23 11:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/10/23 11:49:12 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2011/10/23 11:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/10/16 00:33:21 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\8FD92 [2011/10/16 00:32:57 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\DA98F [2011/10/15 16:25:57 | 000,000,000 | RHSD | C] -- C:\Users\Toni\M-1-52-5782-8752-5245 [2011/10/14 21:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011/10/14 21:54:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2011/10/14 21:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2011/10/14 21:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2011/10/14 21:43:04 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Microsoft Help [2011/10/14 21:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011/10/13 20:36:23 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\OpenOffice.org [2011/10/13 20:01:52 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3 [2011/10/13 20:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2011/10/13 20:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011/10/13 20:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011/10/13 19:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011/10/13 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\OpenOffice.org 3.3 (de) Installation Files [2011/09/27 19:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2011/09/27 19:34:45 | 000,000,000 | ---D | C] -- C:\Users\Toni\Documents\FIFA 12 [2011/09/27 19:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12 [2011/09/27 19:25:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2011/09/27 18:34:31 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Origin [2011/09/27 18:34:30 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Origin [2011/09/27 18:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2011/09/27 18:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2011/09/27 18:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin ========== Files - Modified Within 30 Days ========== [2011/10/25 18:43:28 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/10/25 18:43:28 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/10/25 18:34:50 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/10/25 18:34:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/10/25 18:34:21 | 4137,861,120 | -HS- | M] () -- C:\hiberfil.sys [2011/10/25 00:21:00 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/10/24 23:59:13 | 000,017,408 | ---- | M] () -- C:\Users\Toni\AppData\Local\WebpageIcons.db [2011/10/24 23:56:26 | 000,001,868 | ---- | M] () -- C:\Users\Toni\Desktop\Zattoo.lnk [2011/10/23 11:49:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/10/22 23:04:30 | 000,000,000 | ---- | M] () -- C:\Users\Toni\defogger_reenable [2011/10/22 13:51:00 | 000,203,650 | ---- | M] () -- C:\Users\Toni\Desktop\wurm.jpg [2011/10/19 23:32:42 | 001,506,782 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2011/10/19 23:32:42 | 000,656,944 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2011/10/19 23:32:42 | 000,618,786 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2011/10/19 23:32:42 | 000,131,426 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2011/10/19 23:32:42 | 000,107,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2011/10/19 17:13:36 | 000,448,512 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2011/10/17 23:32:53 | 000,610,304 | ---- | M] () -- C:\Users\Toni\Desktop\eichmüller#.pub [2011/10/13 20:37:14 | 000,001,235 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011/10/13 20:01:55 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2011/09/27 19:25:28 | 000,001,255 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2011/09/27 18:37:57 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk ========== Files Created - No Company Name ========== [2011/10/24 23:57:42 | 000,017,408 | ---- | C] () -- C:\Users\Toni\AppData\Local\WebpageIcons.db [2011/10/24 23:56:26 | 000,001,868 | ---- | C] () -- C:\Users\Toni\Desktop\Zattoo.lnk [2011/10/23 11:49:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/10/22 23:04:30 | 000,000,000 | ---- | C] () -- C:\Users\Toni\defogger_reenable [2011/10/22 13:50:59 | 000,203,650 | ---- | C] () -- C:\Users\Toni\Desktop\wurm.jpg [2011/10/17 23:32:52 | 000,610,304 | ---- | C] () -- C:\Users\Toni\Desktop\eichmüller#.pub [2011/10/13 20:37:14 | 000,001,235 | ---- | C] () -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011/10/13 20:01:54 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2011/09/27 19:25:27 | 000,001,255 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2011/09/27 18:32:31 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2011/05/14 12:50:44 | 000,695,578 | ---- | C] () -- C:\windows\unins000.exe [2011/05/14 12:50:44 | 000,005,944 | ---- | C] () -- C:\windows\unins000.dat [2010/11/05 14:07:01 | 000,266,118 | ---- | C] () -- C:\windows\hpwins23.dat [2010/10/27 11:57:29 | 001,533,476 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2010/10/21 20:57:57 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010/08/17 20:53:19 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2010/08/17 06:09:26 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2010/08/17 06:02:02 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2010/08/17 05:12:01 | 000,002,076 | ---- | C] () -- C:\windows\HotFixList.ini [2009/11/06 11:17:18 | 000,001,843 | ---- | C] () -- C:\windows\hpwmdl23.dat [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin [2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin [2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin [2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/10/17 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\8FD92 [2011/07/27 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\BOM [2011/10/17 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DA98F [2011/07/28 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoft [2011/07/27 21:58:15 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers [2011/04/27 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Leadertech [2011/10/13 20:36:23 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\OpenOffice.org [2011/09/27 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Origin [2011/08/09 17:14:39 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\SoftGrid Client [2010/10/21 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Tific [2010/10/27 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\TP [2009/07/14 07:08:49 | 000,027,552 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/10/17 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\8FD92 [2010/10/22 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Adobe [2010/10/21 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\ATI [2011/07/27 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\BOM [2010/11/06 00:55:10 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\CyberLink [2011/10/17 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DA98F [2011/07/28 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoft [2011/07/27 21:58:15 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers [2010/11/05 15:18:56 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\HP [2010/10/21 21:08:28 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Identities [2010/10/22 23:03:09 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\InstallShield [2011/04/27 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Leadertech [2010/10/21 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Macromedia [2011/10/23 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Malwarebytes [2010/08/17 21:06:06 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Media Center Programs [2011/10/16 00:32:56 | 000,000,000 | --SD | M] -- C:\Users\Toni\AppData\Roaming\Microsoft [2011/05/14 12:50:44 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Mozilla [2011/10/13 20:36:23 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\OpenOffice.org [2011/09/27 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Origin [2010/10/21 22:29:49 | 000,000,000 | RH-D | M] -- C:\Users\Toni\AppData\Roaming\SecuROM [2011/08/09 17:14:39 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\SoftGrid Client [2010/10/21 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Tific [2010/10/27 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\TP [2010/11/08 01:23:50 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\vlc [2011/04/28 13:46:19 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\drivers\iaStor.sys [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_c62e28b241ae90ea\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\drivers\iaStorV.sys [2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\drivers\nvstor.sys [2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll [2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\windows\SysNative\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643 < End of report > |
|
25.10.2011, 18:41
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Link über Facebook geöffnet, Virus? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49919
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.type: 0
[2010/11/10 17:37:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/10/30 00:44:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/08/08 11:48:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/14 21:16:16 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-1.xml
[2011/08/29 23:05:45 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-2.xml
[2011/09/15 23:06:40 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-3.xml
[2011/09/27 20:45:56 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-4.xml
[2011/10/24 19:16:53 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-5.xml
[2010/11/10 17:37:34 | 000,000,168 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.gif
[2010/11/10 17:37:34 | 000,000,618 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.src
[2011/07/28 06:37:43 | 000,001,056 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2011/09/07 02:08:12 | 000,032,783 | R--- | M] () - E:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,132 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts)
[2011/10/16 00:33:21 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\8FD92
[2011/10/16 00:32:57 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\DA98F
[2011/10/15 16:25:57 | 000,000,000 | RHSD | C] -- C:\Users\Toni\M-1-52-5782-8752-5245
[2011/07/27 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\BOM
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.10.2011, 19:02
| #9 |
| | Link über Facebook geöffnet, Virus? Nach dem Neustart hat er mir folgendes ausgespuckt: Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
Folder move failed. C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} scheduled to be moved on reboot.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\modules\third-party folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\modules folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\defaults\preferences folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\defaults folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\components folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome folder moved successfully.
Folder move failed. C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} scheduled to be moved on reboot.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EADM deleted successfully.
C:\Program Files (x86)\Origin\Origin.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File not found.
File move failed. E:\Autorun.ico scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
C:\Users\Toni\AppData\Roaming\8FD92 folder moved successfully.
C:\Users\Toni\AppData\Roaming\DA98F folder moved successfully.
C:\Users\Toni\M-1-52-5782-8752-5245 folder moved successfully.
C:\Users\Toni\AppData\Roaming\BOM folder moved successfully.
ADS C:\ProgramData\Temp:8530A643 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Toni
->Temp folder emptied: 906894369 bytes
->Temporary Internet Files folder emptied: 41489392 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58192043 bytes
->Flash cache emptied: 114274 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152948836 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 3840910473 bytes
Total Files Cleaned = 4,769.00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 10252011_195139
Files\Folders moved on Reboot...
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} folder moved successfully.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.ico scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
C:\Users\Toni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Geändert von cosinus (25.10.2011 um 19:45 Uhr) Grund: Bitte in CODE-Tags posten!! |
|
25.10.2011, 19:23
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Link über Facebook geöffnet, Virus? Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.10.2011, 19:42
| #11 |
| | Link über Facebook geöffnet, Virus?Code:
ATTFilter 20:40:01.0533 1140 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
20:40:01.0780 1140 ============================================================
20:40:01.0780 1140 Current date / time: 2011/10/25 20:40:01.0780
20:40:01.0780 1140 SystemInfo:
20:40:01.0781 1140
20:40:01.0781 1140 OS Version: 6.1.7600 ServicePack: 0.0
20:40:01.0781 1140 Product type: Workstation
20:40:01.0781 1140 ComputerName: SGD1953
20:40:01.0781 1140 UserName: Toni
20:40:01.0781 1140 Windows directory: C:\windows
20:40:01.0781 1140 System windows directory: C:\windows
20:40:01.0781 1140 Running under WOW64
20:40:01.0782 1140 Processor architecture: Intel x64
20:40:01.0782 1140 Number of processors: 4
20:40:01.0782 1140 Page size: 0x1000
20:40:01.0782 1140 Boot type: Normal boot
20:40:01.0782 1140 ============================================================
20:40:02.0336 1140 Initialize success
20:41:05.0885 4952 ============================================================
20:41:05.0885 4952 Scan started
20:41:05.0885 4952 Mode: Manual; SigCheck; TDLFS;
20:41:05.0885 4952 ============================================================
20:41:06.0092 4952 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
20:41:06.0191 4952 1394ohci - ok
20:41:06.0242 4952 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
20:41:06.0271 4952 ACPI - ok
20:41:06.0295 4952 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
20:41:06.0336 4952 AcpiPmi - ok
20:41:06.0374 4952 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
20:41:06.0402 4952 adp94xx - ok
20:41:06.0449 4952 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
20:41:06.0476 4952 adpahci - ok
20:41:06.0509 4952 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
20:41:06.0530 4952 adpu320 - ok
20:41:06.0590 4952 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
20:41:06.0655 4952 AFD - ok
20:41:06.0689 4952 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
20:41:06.0708 4952 agp440 - ok
20:41:06.0742 4952 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
20:41:06.0759 4952 aliide - ok
20:41:06.0792 4952 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
20:41:06.0809 4952 amdide - ok
20:41:06.0851 4952 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
20:41:06.0944 4952 AmdK8 - ok
20:41:07.0183 4952 amdkmdag (3d07f9c090c7a1d76d624972a5384471) C:\windows\system32\DRIVERS\atikmdag.sys
20:41:07.0402 4952 amdkmdag - ok
20:41:07.0506 4952 amdkmdap (99ab7e4b24c80155dc4296f657faf3c7) C:\windows\system32\DRIVERS\atikmpag.sys
20:41:07.0567 4952 amdkmdap - ok
20:41:07.0585 4952 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:41:07.0680 4952 AmdPPM - ok
20:41:07.0730 4952 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
20:41:07.0753 4952 amdsata - ok
20:41:07.0777 4952 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
20:41:07.0804 4952 amdsbs - ok
20:41:07.0842 4952 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
20:41:07.0876 4952 amdxata - ok
20:41:07.0914 4952 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
20:41:08.0067 4952 AppID - ok
20:41:08.0190 4952 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
20:41:08.0222 4952 arc - ok
20:41:08.0239 4952 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
20:41:08.0257 4952 arcsas - ok
20:41:08.0303 4952 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:41:08.0379 4952 AsyncMac - ok
20:41:08.0407 4952 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
20:41:08.0424 4952 atapi - ok
20:41:08.0562 4952 athr (2c0bb386e86670bb1b1a57caaef3e50d) C:\windows\system32\DRIVERS\athrx.sys
20:41:08.0652 4952 athr - ok
20:41:08.0799 4952 AtiHDAudioService (d048e78b8b6416a0a5a18843867c9973) C:\windows\system32\drivers\AtihdW76.sys
20:41:08.0842 4952 AtiHDAudioService - ok
20:41:08.0913 4952 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
20:41:09.0011 4952 b06bdrv - ok
20:41:09.0043 4952 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:41:09.0134 4952 b57nd60a - ok
20:41:09.0252 4952 BCM43XX (96cc359d243b3c947db036e941ea213d) C:\windows\system32\DRIVERS\bcmwl664.sys
20:41:09.0340 4952 BCM43XX - ok
20:41:09.0457 4952 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:41:09.0537 4952 Beep - ok
20:41:09.0765 4952 BHDrvx64 (446b2c459a7d11cd71350235d6977e2a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys
20:41:09.0809 4952 BHDrvx64 - ok
20:41:09.0902 4952 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:41:09.0945 4952 blbdrive - ok
20:41:09.0993 4952 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
20:41:10.0035 4952 bowser - ok
20:41:10.0059 4952 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
20:41:10.0140 4952 BrFiltLo - ok
20:41:10.0170 4952 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
20:41:10.0193 4952 BrFiltUp - ok
20:41:10.0220 4952 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:41:10.0319 4952 Brserid - ok
20:41:10.0342 4952 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:41:10.0399 4952 BrSerWdm - ok
20:41:10.0426 4952 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:41:10.0489 4952 BrUsbMdm - ok
20:41:10.0530 4952 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:41:10.0576 4952 BrUsbSer - ok
20:41:10.0654 4952 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
20:41:10.0696 4952 BthEnum - ok
20:41:10.0722 4952 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
20:41:10.0767 4952 BTHMODEM - ok
20:41:10.0804 4952 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
20:41:10.0845 4952 BthPan - ok
20:41:10.0915 4952 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\windows\System32\Drivers\BTHport.sys
20:41:10.0973 4952 BTHPORT - ok
20:41:11.0040 4952 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\windows\System32\Drivers\BTHUSB.sys
20:41:11.0092 4952 BTHUSB - ok
20:41:11.0125 4952 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:41:11.0195 4952 cdfs - ok
20:41:11.0224 4952 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
20:41:11.0265 4952 cdrom - ok
20:41:11.0297 4952 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
20:41:11.0381 4952 circlass - ok
20:41:11.0429 4952 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:41:11.0459 4952 CLFS - ok
20:41:11.0513 4952 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:41:11.0550 4952 CmBatt - ok
20:41:11.0565 4952 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
20:41:11.0588 4952 cmdide - ok
20:41:11.0625 4952 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
20:41:11.0664 4952 CNG - ok
20:41:11.0686 4952 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
20:41:11.0703 4952 Compbatt - ok
20:41:11.0752 4952 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
20:41:11.0827 4952 CompositeBus - ok
20:41:11.0858 4952 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
20:41:11.0877 4952 crcdisk - ok
20:41:11.0970 4952 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
20:41:12.0010 4952 DfsC - ok
20:41:12.0035 4952 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:41:12.0125 4952 discache - ok
20:41:12.0161 4952 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
20:41:12.0196 4952 Disk - ok
20:41:12.0330 4952 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
20:41:12.0388 4952 Dot4 - ok
20:41:12.0412 4952 Dot4Print (85135ad27e79b689335c08167d917cde) C:\windows\system32\DRIVERS\Dot4Prt.sys
20:41:12.0439 4952 Dot4Print - ok
20:41:12.0465 4952 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
20:41:12.0510 4952 dot4usb - ok
20:41:12.0541 4952 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:41:12.0593 4952 drmkaud - ok
20:41:12.0637 4952 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
20:41:12.0686 4952 DXGKrnl - ok
20:41:12.0792 4952 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
20:41:12.0878 4952 ebdrv - ok
20:41:12.0986 4952 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:41:13.0028 4952 eeCtrl - ok
20:41:13.0144 4952 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
20:41:13.0185 4952 elxstor - ok
20:41:13.0239 4952 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:41:13.0261 4952 EraserUtilRebootDrv - ok
20:41:13.0286 4952 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
20:41:13.0339 4952 ErrDev - ok
20:41:13.0386 4952 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:41:13.0456 4952 exfat - ok
20:41:13.0485 4952 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:41:13.0542 4952 fastfat - ok
20:41:13.0572 4952 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
20:41:13.0609 4952 fdc - ok
20:41:13.0712 4952 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:41:13.0744 4952 FileInfo - ok
20:41:13.0842 4952 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:41:13.0904 4952 Filetrace - ok
20:41:13.0926 4952 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
20:41:13.0952 4952 flpydisk - ok
20:41:13.0977 4952 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
20:41:14.0002 4952 FltMgr - ok
20:41:14.0023 4952 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:41:14.0042 4952 FsDepends - ok
20:41:14.0087 4952 fssfltr (2bf3b36b96d015af666b6aa63ae2e38f) C:\windows\system32\DRIVERS\fssfltr.sys
20:41:14.0119 4952 fssfltr - ok
20:41:14.0148 4952 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
20:41:14.0168 4952 Fs_Rec - ok
20:41:14.0212 4952 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
20:41:14.0260 4952 fvevol - ok
20:41:14.0324 4952 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
20:41:14.0356 4952 gagp30kx - ok
20:41:14.0421 4952 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:41:14.0498 4952 hcw85cir - ok
20:41:14.0541 4952 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
20:41:14.0599 4952 HdAudAddService - ok
20:41:14.0635 4952 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
20:41:14.0679 4952 HDAudBus - ok
20:41:14.0703 4952 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
20:41:14.0723 4952 HidBatt - ok
20:41:14.0753 4952 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
20:41:14.0807 4952 HidBth - ok
20:41:14.0843 4952 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
20:41:14.0884 4952 HidIr - ok
20:41:14.0921 4952 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
20:41:14.0991 4952 HidUsb - ok
20:41:15.0053 4952 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
20:41:15.0075 4952 HpSAMD - ok
20:41:15.0166 4952 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
20:41:15.0236 4952 HTTP - ok
20:41:15.0256 4952 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
20:41:15.0273 4952 hwpolicy - ok
20:41:15.0423 4952 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
20:41:15.0466 4952 i8042prt - ok
20:41:15.0543 4952 iaStor (a5f72bb0d024e7e463344105be613ae4) C:\windows\system32\DRIVERS\iaStor.sys
20:41:15.0573 4952 iaStor - ok
20:41:15.0716 4952 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
20:41:15.0773 4952 iaStorV - ok
20:41:16.0000 4952 IDSVia64 (6f9b281bc4afff5fe784d7da699d347f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101217.001\IDSvia64.sys
20:41:16.0039 4952 IDSVia64 - ok
20:41:16.0309 4952 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
20:41:16.0580 4952 igfx - ok
20:41:16.0680 4952 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
20:41:16.0707 4952 iirsp - ok
20:41:16.0806 4952 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
20:41:16.0879 4952 Impcd - ok
20:41:16.0989 4952 IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\windows\system32\drivers\RTKVHD64.sys
20:41:17.0056 4952 IntcAzAudAddService - ok
20:41:17.0177 4952 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
20:41:17.0208 4952 intelide - ok
20:41:17.0234 4952 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:41:17.0266 4952 intelppm - ok
20:41:17.0317 4952 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:41:17.0390 4952 IpFilterDriver - ok
20:41:17.0417 4952 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
20:41:17.0447 4952 IPMIDRV - ok
20:41:17.0464 4952 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:41:17.0509 4952 IPNAT - ok
20:41:17.0550 4952 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:41:17.0575 4952 IRENUM - ok
20:41:17.0598 4952 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
20:41:17.0618 4952 isapnp - ok
20:41:17.0634 4952 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
20:41:17.0660 4952 iScsiPrt - ok
20:41:17.0676 4952 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
20:41:17.0694 4952 kbdclass - ok
20:41:17.0716 4952 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
20:41:17.0750 4952 kbdhid - ok
20:41:17.0777 4952 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
20:41:17.0798 4952 KSecDD - ok
20:41:17.0831 4952 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
20:41:17.0868 4952 KSecPkg - ok
20:41:17.0901 4952 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:41:17.0985 4952 ksthunk - ok
20:41:18.0038 4952 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:41:18.0122 4952 lltdio - ok
20:41:18.0171 4952 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
20:41:18.0208 4952 LSI_FC - ok
20:41:18.0227 4952 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
20:41:18.0246 4952 LSI_SAS - ok
20:41:18.0265 4952 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:41:18.0284 4952 LSI_SAS2 - ok
20:41:18.0308 4952 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:41:18.0327 4952 LSI_SCSI - ok
20:41:18.0376 4952 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:41:18.0477 4952 luafv - ok
20:41:18.0532 4952 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
20:41:18.0552 4952 megasas - ok
20:41:18.0574 4952 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
20:41:18.0603 4952 MegaSR - ok
20:41:18.0645 4952 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:41:18.0745 4952 Modem - ok
20:41:18.0811 4952 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:41:18.0871 4952 monitor - ok
20:41:18.0946 4952 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:41:18.0978 4952 mouclass - ok
20:41:19.0027 4952 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:41:19.0097 4952 mouhid - ok
20:41:19.0125 4952 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
20:41:19.0149 4952 mountmgr - ok
20:41:19.0219 4952 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
20:41:19.0252 4952 MpFilter - ok
20:41:19.0274 4952 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
20:41:19.0294 4952 mpio - ok
20:41:19.0314 4952 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
20:41:19.0331 4952 MpNWMon - ok
20:41:19.0347 4952 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:41:19.0407 4952 mpsdrv - ok
20:41:19.0430 4952 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
20:41:19.0468 4952 MRxDAV - ok
20:41:19.0505 4952 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
20:41:19.0558 4952 mrxsmb - ok
20:41:19.0596 4952 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:41:19.0651 4952 mrxsmb10 - ok
20:41:19.0670 4952 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:41:19.0694 4952 mrxsmb20 - ok
20:41:19.0720 4952 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
20:41:19.0738 4952 msahci - ok
20:41:19.0760 4952 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
20:41:19.0781 4952 msdsm - ok
20:41:19.0802 4952 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:41:19.0861 4952 Msfs - ok
20:41:19.0890 4952 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:41:19.0968 4952 mshidkmdf - ok
20:41:19.0990 4952 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
20:41:20.0006 4952 msisadrv - ok
20:41:20.0044 4952 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:41:20.0088 4952 MSKSSRV - ok
20:41:20.0130 4952 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:41:20.0178 4952 MSPCLOCK - ok
20:41:20.0198 4952 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:41:20.0255 4952 MSPQM - ok
20:41:20.0282 4952 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
20:41:20.0305 4952 MsRPC - ok
20:41:20.0326 4952 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
20:41:20.0344 4952 mssmbios - ok
20:41:20.0379 4952 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:41:20.0439 4952 MSTEE - ok
20:41:20.0460 4952 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
20:41:20.0479 4952 MTConfig - ok
20:41:20.0500 4952 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:41:20.0518 4952 Mup - ok
20:41:20.0604 4952 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:41:20.0677 4952 NativeWifiP - ok
20:41:20.0824 4952 NAVENG (7be93dbb02b66e72872ff76d8a92e662) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\ENG64.SYS
20:41:20.0850 4952 NAVENG - ok
20:41:20.0984 4952 NAVEX15 (be99edbba322ca59b3f2fe17b9bf987a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\EX64.SYS
20:41:21.0034 4952 NAVEX15 - ok
20:41:21.0191 4952 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
20:41:21.0244 4952 NDIS - ok
20:41:21.0357 4952 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:41:21.0455 4952 NdisCap - ok
20:41:21.0477 4952 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:41:21.0532 4952 NdisTapi - ok
20:41:21.0556 4952 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
20:41:21.0609 4952 Ndisuio - ok
20:41:21.0624 4952 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
20:41:21.0723 4952 NdisWan - ok
20:41:21.0746 4952 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
20:41:21.0791 4952 NDProxy - ok
20:41:21.0831 4952 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:41:21.0884 4952 NetBIOS - ok
20:41:21.0904 4952 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
20:41:21.0989 4952 NetBT - ok
20:41:22.0021 4952 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
20:41:22.0041 4952 nfrd960 - ok
20:41:22.0108 4952 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
20:41:22.0141 4952 NisDrv - ok
20:41:22.0219 4952 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:41:22.0287 4952 Npfs - ok
20:41:22.0302 4952 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:41:22.0345 4952 nsiproxy - ok
20:41:22.0409 4952 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
20:41:22.0464 4952 Ntfs - ok
20:41:22.0500 4952 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:41:22.0557 4952 Null - ok
20:41:22.0594 4952 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
20:41:22.0626 4952 nvraid - ok
20:41:22.0659 4952 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
20:41:22.0695 4952 nvstor - ok
20:41:22.0708 4952 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
20:41:22.0730 4952 nv_agp - ok
20:41:22.0779 4952 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
20:41:22.0814 4952 ohci1394 - ok
20:41:22.0886 4952 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
20:41:22.0924 4952 Parport - ok
20:41:22.0943 4952 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
20:41:22.0962 4952 partmgr - ok
20:41:22.0987 4952 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
20:41:23.0008 4952 pci - ok
20:41:23.0026 4952 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
20:41:23.0043 4952 pciide - ok
20:41:23.0076 4952 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
20:41:23.0116 4952 pcmcia - ok
20:41:23.0141 4952 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:41:23.0162 4952 pcw - ok
20:41:23.0203 4952 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:41:23.0266 4952 PEAUTH - ok
20:41:23.0335 4952 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
20:41:23.0407 4952 PptpMiniport - ok
20:41:23.0425 4952 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
20:41:23.0456 4952 Processor - ok
20:41:23.0511 4952 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
20:41:23.0588 4952 Psched - ok
20:41:23.0644 4952 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
20:41:23.0703 4952 ql2300 - ok
20:41:23.0724 4952 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
20:41:23.0745 4952 ql40xx - ok
20:41:23.0768 4952 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:41:23.0791 4952 QWAVEdrv - ok
20:41:23.0814 4952 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:41:23.0857 4952 RasAcd - ok
20:41:23.0899 4952 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:41:23.0976 4952 RasAgileVpn - ok
20:41:24.0003 4952 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
20:41:24.0117 4952 Rasl2tp - ok
20:41:24.0149 4952 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:41:24.0206 4952 RasPppoe - ok
20:41:24.0227 4952 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:41:24.0292 4952 RasSstp - ok
20:41:24.0312 4952 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
20:41:24.0371 4952 rdbss - ok
20:41:24.0393 4952 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
20:41:24.0486 4952 rdpbus - ok
20:41:24.0527 4952 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:41:24.0627 4952 RDPCDD - ok
20:41:24.0649 4952 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:41:24.0690 4952 RDPENCDD - ok
20:41:24.0707 4952 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:41:24.0761 4952 RDPREFMP - ok
20:41:24.0778 4952 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
20:41:24.0832 4952 RDPWD - ok
20:41:24.0870 4952 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
20:41:24.0892 4952 rdyboost - ok
20:41:24.0943 4952 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
20:41:24.0984 4952 RFCOMM - ok
20:41:25.0029 4952 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:41:25.0112 4952 rspndr - ok
20:41:25.0153 4952 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
20:41:25.0207 4952 RTL8167 - ok
20:41:25.0322 4952 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
20:41:25.0375 4952 rtport - ok
20:41:25.0503 4952 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
20:41:25.0546 4952 SABI - ok
20:41:25.0583 4952 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
20:41:25.0614 4952 sbp2port - ok
20:41:25.0642 4952 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
20:41:25.0749 4952 scfilter - ok
20:41:25.0780 4952 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:41:25.0835 4952 secdrv - ok
20:41:25.0873 4952 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
20:41:25.0944 4952 Serenum - ok
20:41:25.0972 4952 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
20:41:26.0019 4952 Serial - ok
20:41:26.0043 4952 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
20:41:26.0077 4952 sermouse - ok
20:41:26.0110 4952 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
20:41:26.0183 4952 sffdisk - ok
20:41:26.0193 4952 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
20:41:26.0223 4952 sffp_mmc - ok
20:41:26.0232 4952 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
20:41:26.0258 4952 sffp_sd - ok
20:41:26.0285 4952 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
20:41:26.0325 4952 sfloppy - ok
20:41:26.0427 4952 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
20:41:26.0476 4952 Sftfs - ok
20:41:26.0505 4952 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
20:41:26.0526 4952 Sftplay - ok
20:41:26.0549 4952 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
20:41:26.0564 4952 Sftredir - ok
20:41:26.0581 4952 Sftvol (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
20:41:26.0596 4952 Sftvol - ok
20:41:26.0635 4952 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:41:26.0652 4952 SiSRaid2 - ok
20:41:26.0704 4952 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
20:41:26.0724 4952 SiSRaid4 - ok
20:41:26.0758 4952 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:41:26.0825 4952 Smb - ok
20:41:26.0858 4952 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:41:26.0878 4952 spldr - ok
20:41:26.0992 4952 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
20:41:27.0042 4952 SRTSP - ok
20:41:27.0066 4952 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
20:41:27.0082 4952 SRTSPX - ok
20:41:27.0121 4952 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
20:41:27.0159 4952 srv - ok
20:41:27.0191 4952 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
20:41:27.0252 4952 srv2 - ok
20:41:27.0315 4952 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
20:41:27.0365 4952 srvnet - ok
20:41:27.0409 4952 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
20:41:27.0428 4952 stexstor - ok
20:41:27.0471 4952 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:41:27.0490 4952 swenum - ok
20:41:27.0548 4952 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
20:41:27.0586 4952 SymDS - ok
20:41:27.0648 4952 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
20:41:27.0695 4952 SymEFA - ok
20:41:27.0737 4952 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
20:41:27.0774 4952 SymEvent - ok
20:41:27.0807 4952 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
20:41:27.0824 4952 SymIRON - ok
20:41:27.0854 4952 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
20:41:27.0879 4952 SymNetS - ok
20:41:27.0947 4952 SynTP (14feb5052837d9277520088dce549036) C:\windows\system32\DRIVERS\SynTP.sys
20:41:27.0995 4952 SynTP - ok
20:41:28.0133 4952 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
20:41:28.0197 4952 Tcpip - ok
20:41:28.0320 4952 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
20:41:28.0372 4952 TCPIP6 - ok
20:41:28.0461 4952 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
20:41:28.0519 4952 tcpipreg - ok
20:41:28.0534 4952 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:41:28.0583 4952 TDPIPE - ok
20:41:28.0603 4952 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
20:41:28.0662 4952 TDTCP - ok
20:41:28.0679 4952 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
20:41:28.0735 4952 tdx - ok
20:41:28.0751 4952 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
20:41:28.0769 4952 TermDD - ok
20:41:28.0803 4952 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
20:41:28.0864 4952 tssecsrv - ok
20:41:28.0902 4952 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
20:41:28.0974 4952 tunnel - ok
20:41:29.0012 4952 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\windows\system32\DRIVERS\TurboB.sys
20:41:29.0032 4952 TurboB - ok
20:41:29.0084 4952 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:41:29.0123 4952 uagp35 - ok
20:41:29.0165 4952 udfs (31ba4a33afab6a69ea092b18017f737f) C:\windows\system32\DRIVERS\udfs.sys
20:41:29.0208 4952 udfs - ok
20:41:29.0295 4952 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
20:41:29.0331 4952 uliagpkx - ok
20:41:29.0373 4952 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
20:41:29.0422 4952 umbus - ok
20:41:29.0442 4952 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:41:29.0488 4952 UmPass - ok
20:41:29.0518 4952 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
20:41:29.0566 4952 usbccgp - ok
20:41:29.0599 4952 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
20:41:29.0642 4952 usbcir - ok
20:41:29.0666 4952 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
20:41:29.0702 4952 usbehci - ok
20:41:29.0728 4952 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
20:41:29.0768 4952 usbhub - ok
20:41:29.0795 4952 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
20:41:29.0837 4952 usbohci - ok
20:41:29.0868 4952 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:41:29.0897 4952 usbprint - ok
20:41:29.0920 4952 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
20:41:29.0950 4952 usbscan - ok
20:41:29.0989 4952 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\drivers\USBSTOR.SYS
20:41:30.0044 4952 USBSTOR - ok
20:41:30.0078 4952 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
20:41:30.0098 4952 usbuhci - ok
20:41:30.0161 4952 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
20:41:30.0215 4952 usbvideo - ok
20:41:30.0266 4952 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
20:41:30.0288 4952 vdrvroot - ok
20:41:30.0308 4952 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:41:30.0336 4952 vga - ok
20:41:30.0354 4952 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:41:30.0409 4952 VgaSave - ok
20:41:30.0429 4952 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
20:41:30.0451 4952 vhdmp - ok
20:41:30.0473 4952 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
20:41:30.0490 4952 viaide - ok
20:41:30.0508 4952 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
20:41:30.0526 4952 volmgr - ok
20:41:30.0546 4952 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
20:41:30.0571 4952 volmgrx - ok
20:41:30.0588 4952 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
20:41:30.0611 4952 volsnap - ok
20:41:30.0641 4952 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:41:30.0664 4952 vsmraid - ok
20:41:30.0679 4952 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:41:30.0703 4952 vwifibus - ok
20:41:30.0737 4952 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:41:30.0779 4952 vwififlt - ok
20:41:30.0808 4952 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:41:30.0838 4952 WacomPen - ok
20:41:30.0870 4952 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:41:30.0926 4952 WANARP - ok
20:41:30.0930 4952 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:41:30.0975 4952 Wanarpv6 - ok
20:41:30.0996 4952 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:41:31.0014 4952 Wd - ok
20:41:31.0043 4952 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:41:31.0074 4952 Wdf01000 - ok
20:41:31.0118 4952 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:41:31.0165 4952 WfpLwf - ok
20:41:31.0183 4952 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:41:31.0202 4952 WIMMount - ok
20:41:31.0259 4952 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
20:41:31.0278 4952 WmiAcpi - ok
20:41:31.0313 4952 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:41:31.0367 4952 ws2ifsl - ok
20:41:31.0398 4952 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
20:41:31.0450 4952 WudfPf - ok
20:41:31.0474 4952 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
20:41:31.0525 4952 WUDFRd - ok
20:41:31.0582 4952 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\windows\system32\DRIVERS\yk62x64.sys
20:41:31.0646 4952 yukonw7 - ok
20:41:31.0695 4952 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
20:41:31.0949 4952 \Device\Harddisk0\DR0 - ok
20:41:31.0954 4952 Boot (0x1200) (ffaedfde4178abf2da5e4945d4a562ad) \Device\Harddisk0\DR0\Partition0
20:41:31.0955 4952 \Device\Harddisk0\DR0\Partition0 - ok
20:41:31.0981 4952 Boot (0x1200) (74f258e78f0f15d828b38adfff7417de) \Device\Harddisk0\DR0\Partition1
20:41:31.0983 4952 \Device\Harddisk0\DR0\Partition1 - ok
20:41:32.0003 4952 Boot (0x1200) (a084a3037a0a4f3bd56b310adf974e64) \Device\Harddisk0\DR0\Partition2
20:41:32.0004 4952 \Device\Harddisk0\DR0\Partition2 - ok
20:41:32.0005 4952 ============================================================
20:41:32.0005 4952 Scan finished
20:41:32.0005 4952 ============================================================
20:41:32.0018 4092 Detected object count: 0
20:41:32.0018 4092 Actual detected object count: 0
Geändert von cosinus (25.10.2011 um 19:44 Uhr) Grund: Bitte in CODE-Tags posten!! |
|
25.10.2011, 19:44
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Link über Facebook geöffnet, Virus? Poste die Logs bitte in CODE-Tags! Keine PHP- oder TABLE- oder sonstwas Tags! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.10.2011, 20:01
| #13 |
| | Link über Facebook geöffnet, Virus? Sorry wegen der Tabelle. Code:
ATTFilter ComboFix 11-10-25.04 - Toni 25.10.2011 20:52:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3946.2716 [GMT 2:00]
ausgeführt von:: c:\users\Toni\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-09-25 bis 2011-10-25 ))))))))))))))))))))))))))))))
.
.
2011-10-25 18:57 . 2011-10-25 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 18:05 . 2011-10-25 18:05 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9429F92D-DD90-4101-B45A-EBB7F09C9132}\offreg.dll
2011-10-25 18:05 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9429F92D-DD90-4101-B45A-EBB7F09C9132}\mpengine.dll
2011-10-25 17:51 . 2011-10-25 17:51 -------- d-----w- C:\_OTL
2011-10-24 21:57 . 2011-10-24 21:57 -------- d-----w- c:\users\Toni\AppData\Local\Zattoo
2011-10-24 21:56 . 2011-10-24 21:57 -------- d-----w- c:\program files (x86)\Zattoo4
2011-10-24 18:01 . 2011-10-24 18:01 -------- d-----w- c:\users\Toni\AppData\Local\ElevatedDiagnostics
2011-10-24 17:18 . 2011-10-24 17:18 -------- d-----w- c:\program files (x86)\ESET
2011-10-23 09:49 . 2011-10-23 09:49 -------- d-----w- c:\users\Toni\AppData\Roaming\Malwarebytes
2011-10-23 09:49 . 2011-10-23 09:49 -------- d-----w- c:\programdata\Malwarebytes
2011-10-23 09:49 . 2011-10-23 09:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-23 09:49 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-19 14:47 . 2011-10-19 14:47 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-14 19:54 . 2011-10-19 14:49 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-10-14 19:43 . 2011-10-14 19:43 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-10-14 19:43 . 2011-10-14 19:43 -------- d-----w- c:\users\Toni\AppData\Local\Microsoft Help
2011-10-14 19:42 . 2011-10-19 15:10 -------- d-----w- c:\programdata\Microsoft Help
2011-10-13 18:36 . 2011-10-13 18:36 -------- d-----w- c:\users\Toni\AppData\Roaming\OpenOffice.org
2011-10-13 18:01 . 2011-10-13 18:01 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-10-13 18:00 . 2011-10-13 18:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-13 18:00 . 2011-10-13 17:59 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-13 18:00 . 2011-10-13 17:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-13 17:59 . 2011-10-13 17:59 -------- d-----w- c:\program files (x86)\Java
2011-10-12 15:19 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 16:20 . 2011-10-11 16:20 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AE80953-C2B3-49B1-80D4-874E53EEC9D1}\gapaengine.dll
2011-09-27 17:36 . 2011-09-27 17:36 -------- d-----w- c:\programdata\EA Core
2011-09-27 17:24 . 2008-07-31 08:41 72200 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-09-27 17:24 . 2008-07-31 08:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-09-27 17:24 . 2008-07-31 08:40 513544 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-09-27 17:24 . 2008-07-31 08:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2011-09-27 17:24 . 2008-07-31 08:41 238088 ----a-w- c:\windows\SysWow64\xactengine3_2.dll
2011-09-27 17:24 . 2008-07-31 08:41 177672 ----a-w- c:\windows\system32\xactengine3_2.dll
2011-09-27 16:34 . 2011-09-27 16:34 -------- d-----w- c:\users\Toni\AppData\Roaming\Origin
2011-09-27 16:34 . 2011-09-27 16:34 -------- d-----w- c:\users\Toni\AppData\Local\Origin
2011-09-27 16:32 . 2011-09-27 16:32 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-27 16:31 . 2011-10-25 17:51 -------- d-----w- c:\program files (x86)\Origin
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 21:57 . 2011-08-29 21:05 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 04:16 . 2011-07-01 07:48 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut11_C03C290FA6F54A2B8A2DFE2786A1E275.exe [2010-8-17 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101217.001\IDSvia64.sys [2010-11-09 476792]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-21 132656]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 20322504
*Deregistered* - 20322504
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 17:58]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 17:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-14 11046504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page =
IE: Free YouTube Download - c:\users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_2_3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: general.useragent.extra.brc -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-76830181-1066914796-2057996457-1000\Software\SecuROM\License information*]
"datasecu"=hex:b2,dd,33,b2,a2,bc,64,af,ef,6b,31,39,1b,4f,02,f0,98,c5,27,4e,9b,
38,13,46,42,41,07,f6,e4,35,c7,8f,cc,6c,f1,83,0e,91,50,a8,1a,b9,9c,ba,66,bf,\
"rkeysecu"=hex:cb,f8,01,a7,23,53,09,88,d4,85,e8,cf,9a,a6,65,f2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-10-25 20:59:16
ComboFix-quarantined-files.txt 2011-10-25 18:59
.
Vor Suchlauf: 10 Verzeichnis(se), 18.668.535.808 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 18.304.630.784 Bytes frei
.
- - End Of File - - 43EF09D6A7B5C721B8538682118DAC1A
|
|
26.10.2011, 09:32
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Link über Facebook geöffnet, Virus?Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.10.2011, 17:47
| #15 |
| | Link über Facebook geöffnet, Virus? Guten Abend habe Norton deinstalliert. Dachte doppelt hält besser.  Wie siehts wegen den Schädlingen aus? |
|
| Themen zu Link über Facebook geöffnet, Virus? |
| ahnung, angst, ausgespäht, compu, computer, computern, daten, dauernd, dinge, ebanking, ebay, email, essen, facebook, folge, folgenden, folgendes, laufe, link, logfiles, meldungen, microsoft, microsoft security, microsoft security essentials, onlinebanking, scan, security, virus, virus?, wenig, wenig ahnung |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
