Log analysis and evaluation: also sirefef.o on the computer
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
28.10.2011, 14:04 | #31 |
| Same problem as before; now there are half a dozen transparent files on the desktop that start with ~$ and really have no business being there. |
28.10.2011, 14:17 | #32 |
| Websites such as Wikipedia or Spiegel Online look very unusually structured, with missing images and sections
__________________ |
28.10.2011, 14:35 | #33 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I need OTL's quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into a single file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
Note: Please upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment in this thread!
4.) Let me know when it has worked
5.) Only then switch the virus scanner back on
Afterwards, make a new OTL log.
__________________ |
28.10.2011, 15:14 | #34 |
| As already mentioned, the antivirus (Sophos) stopped working on my machine after the trojan infection. When I try to uninstall it, some files are left over that cannot be deleted. The program also cannot be reinstalled, supposedly because of permission problems. I have uploaded the ZIP file and run a new quick scan with OTL. The log follows:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.10.2011 15:55:49 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\s.chaitidou\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19154) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,12% Memory free 6,19 Gb Paging File | 5,07 Gb Available in Paging File | 81,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 289,21 Gb Total Space | 137,47 Gb Free Space | 47,53% Space Free | Partition Type: NTFS Computer Name: SOUCHAITIDOU | User Name: s.chaitidou | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.27 21:32:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s.chaitidou\Desktop\OTL.exe PRC - [2011.10.05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe PRC - [2011.10.05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe PRC - [2011.10.05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2011.10.05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2011.10.05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2011.09.16 16:51:28 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe PRC - [2011.09.16 16:48:46 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe PRC - [2011.09.09 18:09:37 | 000,523,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ========== Modules (No Company Name) ========== MOD - [2011.10.05 13:53:06 | 000,576,000 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2011.04.20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll MOD - [2006.10.01 21:49:16 | 000,389,120 | ---- | M] () -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeXMP.dll ========== Win32 Services (SafeList) ========== SRV - [2011.10.05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) 
[Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService) SRV - [2011.10.05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService) SRV - [2011.10.05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService) SRV - [2011.10.05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService) SRV - [2011.09.16 16:48:46 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.09.16 16:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2008.07.28 14:55:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2008.06.27 21:01:36 | 000,299,008 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.06.20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2008.06.19 19:53:20 | 000,411,488 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2008.06.19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2008.06.11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2008.06.11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2008.05.22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2008.05.22 14:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2008.05.20 19:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- 
C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms) SRV - [2008.05.20 19:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp) SRV - [2008.05.20 19:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs) SRV - [2008.05.20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2008.05.20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2008.05.20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - [2011.10.05 15:45:46 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver) DRV - [2011.09.12 07:14:39 | 000,024,312 | ---- | M] (Sophos Plc) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter) DRV - [2011.09.09 18:00:05 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2011.09.09 17:59:19 | 000,057,000 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux) DRV - [2011.09.09 17:59:19 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsint.sys -- (acsint) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.02.10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.07.11 16:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2008.07.04 02:04:22 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008.06.20 02:03:46 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk) DRV - [2008.06.20 02:03:15 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008.06.07 02:12:59 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.06.07 02:03:46 | 007,478,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.03.10 13:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks ) FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 08:50:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 10:43:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008.12.16 01:28:05 | 000,000,000 | ---D | M] [2011.02.02 13:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Extensions [2011.10.26 11:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Firefox\Profiles\ucs85htw.default\extensions [2011.10.16 
18:18:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Firefox\Profiles\ucs85htw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.10.25 10:03:14 | 000,000,000 | ---D | M] (SBSH SafeWallet FireFox Extension) -- C:\Users\s.chaitidou\AppData\Roaming\mozilla\Firefox\Profiles\ucs85htw.default\extensions\sbshsafewallet@sbsh.net [2011.07.02 13:28:43 | 000,002,399 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Mozilla\Firefox\Profiles\ucs85htw.default\searchplugins\askcom.xml [2011.09.27 13:41:08 | 000,000,925 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Mozilla\Firefox\Profiles\ucs85htw.default\searchplugins\conduit.xml [2011.08.13 09:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.03 21:34:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.08.13 09:39:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERS\S.CHAITIDOU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCS85HTW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2009.09.02 07:18:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.09.30 08:50:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.09.30 08:50:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.30 08:50:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.30 08:50:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.30 08:50:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.30 08:50:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.30 08:50:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.10.27 10:30:53 | 000,433,294 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Scan | Free Anti Virus | Bitdefender | Malware | Avast | Avg | Spyware Removal | Adware at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14939 more lines... 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O4 - Startup: C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe 
PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B0FA6DF-2DBD-49AF-AA28-B4DA2BA7C1E2}: Domain = uni-muenchen.de O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B0FA6DF-2DBD-49AF-AA28-B4DA2BA7C1E2}: NameServer = 10.156.33.53,129.187.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A99D5DC5-A0E5-4BA5-B946-AA9DECB81D95}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA1E672A-8DF7-4313-8E7A-D0EFDB9324B8}: DhcpNameServer = 138.245.16.100 138.245.175.249
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Programme\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2011.10.28 12:16:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.10.27 21:32:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\s.chaitidou\Desktop\OTL.exe
[2011.10.27 15:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.27 14:59:30 | 002,322,184 | ---- | C] (ESET) -- C:\Users\s.chaitidou\Desktop\esetsmartinstaller_enu.exe
[2011.10.27 09:11:44 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\Malwarebytes
[2011.10.27 09:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.27 09:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.27 09:11:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.27 09:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.27 09:09:28 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\s.chaitidou\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.26 16:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2011.10.26 16:52:03 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2011.10.26 15:11:29 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\Documents\Backups
[2011.10.26 15:10:40 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\Priotecs
[2011.10.26 14:21:50 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\PeerNetworking
[2011.10.26 13:19:54 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\temp
[2011.10.26 13:10:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.10.26 13:07:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.10.26 12:41:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.10.26 12:41:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.10.26 12:41:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.10.26 12:40:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.10.26 12:35:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.10.26 12:34:59 | 004,275,391 | R--- | C] (Swearware) -- C:\Users\s.chaitidou\Desktop\ComboFix.exe
[2011.10.26 12:03:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.10.26 11:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTweak Software
[2011.10.26 11:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\FixMyRegistry
[2011.10.26 11:11:36 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\PackageAware
[2011.10.25 15:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
[2011.10.25 15:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5
[2011.10.22 14:07:53 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\memocard
[2011.10.22 14:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\MemoCard
[2011.10.22 14:06:44 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2011.10.22 12:44:16 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\.anki
[2011.10.21 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Roaming\vlc
[2011.10.21 00:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.10.19 15:08:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.10.13 21:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011.10.12 15:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.10.12 15:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.10.12 15:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.10.12 15:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.10.12 11:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\proSoft24
[2011.10.12 11:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ProSoft24
[2011.10.12 11:04:16 | 000,000,000 | ---D | C] -- C:\Users\s.chaitidou\AppData\Local\Conduit
[2011.10.05 19:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011.09.30 17:49:40 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.09.30 17:49:40 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[1 C:\Users\s.chaitidou\Desktop\*.tmp files -> C:\Users\s.chaitidou\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011.10.28 15:46:43 | 000,057,769 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.10.28 15:46:43 | 000,057,769 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.10.28 15:46:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.28 15:00:33 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.10.28 14:57:04 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.10.28 14:55:55 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.10.28 14:55:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.28 14:55:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.28 14:55:35 | 3218,059,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.28 14:54:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.10.27 21:32:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\s.chaitidou\Desktop\OTL.exe
[2011.10.27 18:00:05 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011.10.27 14:59:34 | 002,322,184 | ---- | M] (ESET) -- C:\Users\s.chaitidou\Desktop\esetsmartinstaller_enu.exe
[2011.10.27 14:38:07 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.10.27 14:35:48 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.10.27 10:30:53 | 000,433,294 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.10.27 09:11:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.27 09:09:35 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\s.chaitidou\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.26 16:52:07 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011.10.26 16:06:44 | 000,036,176 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\3.jpg
[2011.10.26 16:05:41 | 000,038,295 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\2.jpg
[2011.10.26 16:03:05 | 000,038,140 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\1.jpg
[2011.10.26 14:38:15 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.26 14:38:15 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.26 14:38:15 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.26 14:38:15 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.26 14:21:50 | 000,025,773 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\UserTile.png
[2011.10.26 13:42:51 | 086,714,064 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\savw_97_sa_sfx.exe
[2011.10.26 13:22:56 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011.10.26 13:10:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111027-103053.backup
[2011.10.26 12:41:09 | 004,275,391 | R--- | M] (Swearware) -- C:\Users\s.chaitidou\Desktop\ComboFix.exe
[2011.10.26 12:08:58 | 000,419,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.26 11:04:04 | 000,000,082 | ---- | M] () -- C:\Windows\System32\lexiko.ini
[2011.10.26 10:21:35 | 000,001,875 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\POLYLEX - Verknüpfung.lnk
[2011.10.25 15:01:07 | 000,000,741 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\Guitar Pro 5.lnk
[2011.10.23 10:34:13 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011.10.22 17:20:53 | 000,000,927 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.10.21 00:36:00 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.10.16 18:18:09 | 000,001,191 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\Free YouTube to MP3 Converter.lnk
[2011.10.13 23:13:45 | 339,646,871 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.13 11:31:02 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.10.12 15:21:16 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.10.11 23:06:18 | 000,085,504 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.04 12:25:55 | 000,043,330 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\Doktorarbeit Sarkome.enl
[2011.10.04 09:31:20 | 000,001,356 | ---- | M] () -- C:\Users\s.chaitidou\AppData\Local\d3d9caps.dat
[2011.09.30 09:12:04 | 000,002,192 | ---- | M] () -- C:\Users\s.chaitidou\Desktop\FileMaker Pro - Verknüpfung.lnk
[1 C:\Users\s.chaitidou\Desktop\*.tmp files -> C:\Users\s.chaitidou\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011.10.27 09:11:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.26 16:52:17 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.10.26 16:52:16 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.10.26 16:52:16 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.10.26 16:52:07 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011.10.26 16:52:07 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011.10.26 16:06:44 | 000,036,176 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\3.jpg
[2011.10.26 16:05:41 | 000,038,295 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\2.jpg
[2011.10.26 16:03:05 | 000,038,140 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\1.jpg
[2011.10.26 14:21:50 | 000,025,773 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Roaming\UserTile.png
[2011.10.26 13:40:47 | 086,714,064 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\savw_97_sa_sfx.exe
[2011.10.26 12:41:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.10.26 12:41:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.10.26 12:41:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.10.26 12:41:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.10.26 12:41:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.10.26 10:21:05 | 000,001,875 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\POLYLEX - Verknüpfung.lnk
[2011.10.25 15:01:07 | 000,000,741 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\Guitar Pro 5.lnk
[2011.10.22 17:20:53 | 000,000,927 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.10.21 00:36:00 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.10.16 18:18:09 | 000,001,191 | ---- | C] () -- C:\Users\s.chaitidou\Desktop\Free YouTube to MP3 Converter.lnk
[2011.10.13 23:13:45 | 339,646,871 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.10.12 15:21:16 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.05.19 19:03:09 | 000,140,388 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.01.20 20:51:14 | 000,004,096 | -H-- | C] () -- C:\Users\s.chaitidou\AppData\Local\keyfile3.drm
[2010.10.24 23:00:24 | 000,000,082 | ---- | C] () -- C:\Windows\System32\lexiko.ini
[2010.10.20 20:07:08 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.20 20:07:07 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7030.DAT
[2010.10.20 19:01:35 | 000,000,111 | ---- | C] () -- C:\Windows\telephon.ini
[2010.08.13 23:09:42 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010.04.23 10:51:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.23 10:42:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.04.23 10:40:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.03.09 14:59:19 | 000,000,118 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Roaming\wklnhst.dat
[2009.01.15 20:34:36 | 000,085,504 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.02 04:06:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.29 18:40:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.23 13:27:02 | 000,001,356 | ---- | C] () -- C:\Users\s.chaitidou\AppData\Local\d3d9caps.dat
[2008.10.12 02:42:35 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.10.12 02:34:49 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008.10.12 02:10:58 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.07.28 21:59:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.28 12:57:50 | 000,057,769 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.28 12:57:48 | 000,057,769 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.28 12:48:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.01.21 09:15:58 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,127,464 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.04.16 03:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,419,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.08.09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========
[2011.10.22 12:48:04 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\.anki
[2009.05.21 11:56:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DriverCure
[2011.10.28 15:00:59 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox
[2011.10.16 18:18:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoft
[2011.06.26 21:40:47 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.01 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\EndNote
[2010.08.04 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\FileMaker
[2010.08.29 23:33:18 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\gtk-2.0
[2011.10.26 14:21:50 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\PeerNetworking
[2011.10.26 15:10:40 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Priotecs
[2011.05.06 19:36:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\SBSH SafeWallet
[2011.09.19 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Sync App Settings
[2009.03.09 14:59:22 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Template
[2011.05.20 07:09:32 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\TuneUp Software
[2011.10.28 14:57:04 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2011.10.27 18:00:05 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011.10.23 10:34:13 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011.10.27 14:35:48 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.10.27 14:38:07 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2011.10.28 14:54:33 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.10.26 13:22:56 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.10.22 12:48:04 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\.anki
[2010.10.21 20:18:24 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Adobe
[2011.08.13 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Apple Computer
[2008.12.02 20:13:37 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\ArcSoft
[2010.10.24 12:52:19 | 000,000,000 | R--D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Brother
[2010.01.26 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DivX
[2009.05.21 11:56:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DriverCure
[2011.10.28 15:00:59 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox
[2011.10.16 18:18:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoft
[2011.06.26 21:40:47 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.01 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\EndNote
[2010.08.04 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\FileMaker
[2008.11.29 18:05:51 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Google
[2010.08.29 23:33:18 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\gtk-2.0
[2008.01.21 03:43:07 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Identities
[2008.10.12 02:06:53 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\InstallShield
[2009.04.07 16:41:05 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Intel
[2008.10.12 02:25:12 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Macromedia
[2011.10.27 09:11:44 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Media Center Programs
[2011.09.19 22:53:50 | 000,000,000 | --SD | M] -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft
[2011.02.02 13:35:13 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Mozilla
[2011.10.26 14:21:50 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\PeerNetworking
[2011.10.26 15:10:40 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Priotecs
[2011.05.06 19:36:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\SBSH SafeWallet
[2011.01.25 22:52:16 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Skype
[2011.01.25 22:51:27 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\skypePM
[2010.08.05 16:40:04 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Sony Corporation
[2011.09.19 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Sync App Settings
[2009.03.09 14:59:22 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Template
[2011.05.20 07:09:32 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\TuneUp Software
[2011.10.21 00:36:29 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\vlc
[2008.12.16 01:28:17 | 000,000,000 | ---D | M] -- C:\Users\s.chaitidou\AppData\Roaming\Yahoo!

< %APPDATA%\*.exe /s >
[2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 22:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\s.chaitidou\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.08.05 16:22:42 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\s.chaitidou\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2008.10.12 02:18:36 | 000,010,134 | R--- | M] () -- C:\Users\s.chaitidou\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) 
Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 
for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.21 04:24:47 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < > < End of report > |
28.10.2011, 19:31 | #35 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sirefef.o on the computer too I think the file was too large. Please upload it here => File-Upload.net - Ihr kostenloser File Hoster! and post the link here
__________________ Please always post log files in CODE tags |
28.10.2011, 20:54 | #36 |
| sirefef.o on the computer too The file has been uploaded. Download link: File-Upload.net - MovedFiles.zip |
28.10.2011, 21:18 | #37 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sirefef.o on the computer too That is not a link. You have to post the complete link. Please change the http to hxxp |
28.10.2011, 21:28 | #38 |
| sirefef.o on the computer too [Thanks, I have the file; I am now obscuring the link in case it contains anything personal //cosinus ] Edited by cosinus (28.10.2011 at 22:06) |
28.10.2011, 22:03 | #39 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sirefef.o on the computer too Do you know this folder on C: => savw_97_sa? I accidentally deleted it along with the rest; I think it is something legitimate. Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click! |
28.10.2011, 23:03 | #40 |
| sirefef.o on the computer too What you deleted is no problem; it belongs to Sophos Antivirus, which cannot be installed anyway |
29.10.2011, 09:15 | #41 |
| sirefef.o on the computer too TDSS Killer Report:
(7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 10:12:53.0982 2068 srvnet - ok 10:12:54.0075 2068 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 10:12:54.0091 2068 swenum - ok 10:12:54.0169 2068 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 10:12:54.0184 2068 Symc8xx - ok 10:12:54.0262 2068 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 10:12:54.0294 2068 Sym_hi - ok 10:12:54.0356 2068 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 10:12:54.0372 2068 Sym_u3 - ok 10:12:54.0418 2068 SynTP (a04e767ea7c30eabb1bb8b4b57ede4f6) C:\Windows\system32\DRIVERS\SynTP.sys 10:12:54.0450 2068 SynTP - ok 10:12:54.0574 2068 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys 10:12:54.0668 2068 Tcpip - ok 10:12:54.0871 2068 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys 10:12:54.0933 2068 Tcpip6 - ok 10:12:55.0074 2068 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 10:12:55.0136 2068 tcpipreg - ok 10:12:55.0276 2068 TcUsb (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys 10:12:55.0292 2068 TcUsb - ok 10:12:55.0323 2068 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 10:12:55.0401 2068 TDPIPE - ok 10:12:55.0495 2068 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 10:12:55.0557 2068 TDTCP - ok 10:12:55.0588 2068 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 10:12:55.0635 2068 tdx - ok 10:12:55.0744 2068 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 10:12:55.0776 2068 TermDD - ok 10:12:55.0869 2068 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:12:55.0916 2068 tssecsrv - ok 10:12:55.0978 2068 TuneUpUtilitiesDrv 
(f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 10:12:55.0994 2068 TuneUpUtilitiesDrv - ok 10:12:56.0119 2068 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 10:12:56.0181 2068 tunmp - ok 10:12:56.0306 2068 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 10:12:56.0353 2068 tunnel - ok 10:12:56.0400 2068 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 10:12:56.0431 2068 uagp35 - ok 10:12:56.0556 2068 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 10:12:56.0602 2068 udfs - ok 10:12:56.0696 2068 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 10:12:56.0712 2068 uliagpkx - ok 10:12:56.0805 2068 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 10:12:56.0836 2068 uliahci - ok 10:12:56.0899 2068 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 10:12:56.0930 2068 UlSata - ok 10:12:57.0024 2068 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 10:12:57.0055 2068 ulsata2 - ok 10:12:57.0102 2068 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 10:12:57.0164 2068 umbus - ok 10:12:57.0226 2068 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 10:12:57.0273 2068 USBAAPL - ok 10:12:57.0382 2068 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 10:12:57.0445 2068 usbccgp - ok 10:12:57.0601 2068 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 10:12:57.0726 2068 usbcir - ok 10:12:57.0882 2068 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 10:12:57.0944 2068 usbehci - ok 10:12:58.0053 2068 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 10:12:58.0131 2068 usbhub - ok 
10:12:58.0272 2068 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 10:12:58.0396 2068 usbohci - ok 10:12:58.0521 2068 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 10:12:58.0568 2068 usbprint - ok 10:12:58.0599 2068 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 10:12:58.0630 2068 usbscan - ok 10:12:58.0740 2068 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:12:58.0786 2068 USBSTOR - ok 10:12:58.0833 2068 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 10:12:58.0880 2068 usbuhci - ok 10:12:59.0020 2068 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 10:12:59.0098 2068 usbvideo - ok 10:12:59.0254 2068 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 10:12:59.0332 2068 vga - ok 10:12:59.0364 2068 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 10:12:59.0410 2068 VgaSave - ok 10:12:59.0520 2068 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 10:12:59.0535 2068 viaagp - ok 10:12:59.0551 2068 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 10:12:59.0598 2068 ViaC7 - ok 10:12:59.0707 2068 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 10:12:59.0722 2068 viaide - ok 10:12:59.0863 2068 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 10:12:59.0878 2068 volmgr - ok 10:12:59.0941 2068 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 10:12:59.0972 2068 volmgrx - ok 10:13:00.0097 2068 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 10:13:00.0144 2068 volsnap - ok 10:13:00.0222 2068 vpnva (0d8df4058901616a4e716ab67d472581) C:\Windows\system32\DRIVERS\vpnva.sys 10:13:00.0237 2068 vpnva - ok 10:13:00.0362 
2068 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 10:13:00.0393 2068 vsmraid - ok 10:13:00.0440 2068 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 10:13:00.0565 2068 WacomPen - ok 10:13:00.0705 2068 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 10:13:00.0768 2068 Wanarp - ok 10:13:00.0768 2068 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 10:13:00.0814 2068 Wanarpv6 - ok 10:13:00.0955 2068 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 10:13:00.0970 2068 Wd - ok 10:13:01.0033 2068 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 10:13:01.0080 2068 Wdf01000 - ok 10:13:01.0251 2068 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys 10:13:01.0282 2068 WimFltr - ok 10:13:01.0438 2068 winachsf (f1265727c078406299ff4b3b033e3132) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 10:13:01.0516 2068 winachsf - ok 10:13:01.0672 2068 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 10:13:01.0735 2068 WmiAcpi - ok 10:13:01.0860 2068 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 10:13:01.0906 2068 WpdUsb - ok 10:13:02.0047 2068 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 10:13:02.0125 2068 ws2ifsl - ok 10:13:02.0281 2068 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:13:02.0343 2068 WUDFRd - ok 10:13:02.0421 2068 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys 10:13:02.0468 2068 XAudio - ok 10:13:02.0562 2068 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys 10:13:02.0624 2068 yukonwlh - ok 10:13:02.0686 2068 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 10:13:03.0763 2068 \Device\Harddisk0\DR0 - ok 10:13:03.0794 2068 
Boot (0x1200) (4c44dc2b38ef2b91d41d3213cae7f39c) \Device\Harddisk0\DR0\Partition0 10:13:03.0794 2068 \Device\Harddisk0\DR0\Partition0 - ok 10:13:03.0794 2068 ============================================================ 10:13:03.0794 2068 Scan finished 10:13:03.0794 2068 ============================================================ 10:13:03.0810 5428 Detected object count: 0 10:13:03.0810 5428 Actual detected object count: 0 |
29.10.2011, 16:01 | #42 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | sirefef.o on the computer as well OK, run ComboFix again, and delete the old combofix.exe first: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
30.10.2011, 12:21 | #43 |
| sirefef.o on the computer as well ComboFix log file: Combofix Logfile: Code:
ATTFilter ComboFix 11-10-30.01 - s.chaitidou 30.10.2011 12:01:03.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3068.1819 [GMT 1:00] ausgeführt von:: c:\users\s.chaitidou\Desktop\ComboFix.exe SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-09-28 bis 2011-10-30 )))))))))))))))))))))))))))))) . . 2011-10-30 11:10 . 2011-10-30 11:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-29 08:24 . 2011-10-29 08:24 -------- d-----w- C:\savw_97_sa 2011-10-28 12:55 . 2011-10-30 10:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{406D9907-C51E-40C7-9F60-1422731511EB}\offreg.dll 2011-10-28 10:16 . 2011-10-28 13:48 -------- d-----w- C:\_OTL 2011-10-28 05:56 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{406D9907-C51E-40C7-9F60-1422731511EB}\mpengine.dll 2011-10-27 13:01 . 2011-10-27 13:01 -------- d-----w- c:\program files\ESET 2011-10-27 07:11 . 2011-10-27 07:11 -------- d-----w- c:\users\s.chaitidou\AppData\Roaming\Malwarebytes 2011-10-27 07:11 . 2011-10-27 07:11 -------- d-----w- c:\programdata\Malwarebytes 2011-10-27 07:11 . 2011-10-27 07:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-27 07:11 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-26 13:10 . 2011-10-26 13:10 -------- d-----w- c:\users\s.chaitidou\AppData\Roaming\Priotecs 2011-10-26 12:21 . 2011-10-26 12:21 -------- d-----w- c:\users\s.chaitidou\AppData\Roaming\PeerNetworking 2011-10-26 11:19 . 2011-10-30 11:10 -------- d-----w- c:\users\s.chaitidou\AppData\Local\temp 2011-10-26 10:45 . 2009-04-11 04:45 185856 ----a-w- c:\windows\system32\drivers\netbt.sys 2011-10-26 10:03 . 2011-10-26 10:03 -------- d-sh--w- c:\windows\system32\%APPDATA% 2011-10-26 09:37 . 
2011-10-26 09:37 -------- d-----w- c:\program files\SmartTweak Software 2011-10-26 09:12 . 2011-10-26 09:59 -------- d-----w- c:\program files\FixMyRegistry 2011-10-26 09:11 . 2011-10-26 09:11 -------- d-----w- c:\users\s.chaitidou\AppData\Local\PackageAware 2011-10-26 07:02 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2011-10-25 13:00 . 2011-10-25 13:00 -------- d-----w- c:\program files\Guitar Pro 5 2011-10-22 12:07 . 2011-10-22 12:36 -------- d-----w- c:\users\s.chaitidou\AppData\Local\memocard 2011-10-22 12:06 . 2011-10-22 12:42 -------- d-----w- c:\program files\MemoCard 2011-10-22 12:06 . 2011-10-22 12:42 -------- d-----w- c:\windows\uninstall 2011-10-22 10:44 . 2011-10-22 10:48 -------- d-----w- c:\users\s.chaitidou\AppData\Roaming\.anki 2011-10-20 22:36 . 2011-10-20 22:36 -------- d-----w- c:\users\s.chaitidou\AppData\Roaming\vlc 2011-10-13 19:18 . 2011-10-30 10:58 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2011-10-13 18:58 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-10-13 18:58 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 18:58 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 18:58 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2011-10-12 13:19 . 2011-10-12 13:19 -------- d-----w- c:\program files\iPod 2011-10-12 13:19 . 2011-10-12 13:21 -------- d-----w- c:\program files\iTunes 2011-10-12 13:11 . 2011-10-26 11:06 -------- d-----w- c:\program files\Bonjour 2011-10-12 09:05 . 2011-10-12 09:05 -------- d-----w- c:\program files\proSoft24 2011-10-12 09:05 . 2011-10-12 09:48 -------- d-----w- c:\programdata\ProSoft24 2011-10-12 09:04 . 2011-10-12 09:49 -------- d-----w- c:\users\s.chaitidou\AppData\Local\Conduit 2011-09-30 15:49 . 2011-09-16 14:44 21312 ----a-w- c:\windows\system32\authuitu.dll 2011-09-30 15:49 . 2011-09-16 14:44 29504 ----a-w- c:\windows\system32\uxtuneup.dll . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-26 09:03 . 2011-06-03 11:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-16 14:52 . 2011-05-19 16:55 31552 ----a-w- c:\windows\system32\TURegOpt.exe 2011-09-12 05:14 . 2011-09-12 05:14 24312 ----a-w- c:\windows\system32\drivers\sdcfilter.sys 2011-09-12 05:14 . 2011-09-12 05:14 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll 2011-09-09 16:10 . 2011-09-09 16:10 10704 ----a-w- c:\windows\system32\vpncategories.dll 2011-09-09 16:10 . 2011-09-09 16:10 33232 ----a-w- c:\windows\system32\vpnevents.dll 2011-09-09 16:00 . 2011-09-09 16:00 23464 ----a-w- c:\windows\system32\drivers\vpnva.sys 2011-09-09 15:59 . 2011-09-09 15:59 57000 ----a-r- c:\windows\system32\drivers\acsmux.sys 2011-09-09 15:59 . 2011-09-09 15:59 38440 ----a-r- c:\windows\system32\drivers\acsint.sys 2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-09-30 06:50 . 2011-07-01 16:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-06-23 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1295656] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992] "Skytel"="Skytel.exe" [2008-06-23 1826816] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-07 13539872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-07 92704] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\users\s.chaitidou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2008-07-15 16:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=c:\windows\ehome\ehTray.exe "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" "MarketingTools"=c:\program files\Sony\Marketing Tools\MarketingTools.exe "BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432] R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-09-12 24312] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-27 299008] R4 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [x] R4 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712] R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568] R4 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752] R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-19 411488] R4 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744] R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184] R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe 
[2011-09-16 1526080] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088] S3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [2011-09-09 38440] S3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [2011-09-09 57000] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-05 29736] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064] S4 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2011-10-28 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59] . 2011-10-30 c:\windows\Tasks\ParetoLogic Update Version2.job - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59] . 2011-10-26 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job - c:\windows\system32\msfeedssync.exe [2011-10-13 21:29] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = mStart Page = uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\s.chaitidou\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\s.chaitidou\AppData\Roaming\Mozilla\Firefox\Profiles\ucs85htw.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-10-30 12:10 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . 
- - - - - - - > 'Explorer.exe'(7612) c:\users\s.chaitidou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . Zeit der Fertigstellung: 2011-10-30 12:14:54 ComboFix-quarantined-files.txt 2011-10-30 11:14 ComboFix2.txt 2011-10-26 11:19 . Vor Suchlauf: 19 Verzeichnis(se), 147.243.175.936 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 147.203.850.240 Bytes frei . - - End Of File - - 6F54A651A561924F6344CB4A2F3F9B16 |
30.10.2011, 18:15 | #44 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sirefef.o on the computer as well OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to work the second time, just skip it and run only OSAM - please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
31.10.2011, 11:09 | #45 |
| sirefef.o on the computer as well GMER log GMER Logfile: Code:
ATTFilter
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-31 11:05:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
Running: pgn8r2o2.exe; Driver: C:\Users\SE4A0~1.CHA\AppData\Local\Temp\fwlorfoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EC01340, 0x3E2047, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D3A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73D18395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73CEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CD71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D6CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73D0C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73CD6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CD687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d02856f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f499fe7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f4edbf2
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d02856f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214f499fe7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214f4edbf2 (not active ControlSet)

---- EOF - GMER 1.0.15 ---- |