Log analysis and evaluation: "Bundespolizei Trojaner" completely removed? | Windows 7
15.11.2011, 17:06 | #1 |
"Bundespolizei Trojaner" completely removed?

Good day,

two days ago my system was infected with the "Bundespolizei Trojaner", which locks the PC and displays only a message demanding a payment of €100 via Ukash or paysafecard. I then did some research and tried to solve the problem myself, but I am not entirely sure whether I am completely rid of the trojan, which is why I am now seeking expert advice here.

First, in safe mode, I searched the registry for a process named "mahamd" or something similar, which I deleted; it was evidently what locked the PC. It had embedded itself in my AntiVir, which had also detected the threat, but the action taken was listed as "allow access". I then wanted to use System Restore, but this failed after the reboot because no restore points were present; they had apparently been deleted, so I can only assume that I got a newer version of the trojan.

Subsequently I downloaded CCleaner, Malwarebytes Anti-Malware and SUPERAntiSpyware and ran all of them. I also uninstalled AntiVir and replaced it with the trial version of Kaspersky. Both SUPERAntiSpyware and Kaspersky found and deleted threats and now tell me my PC is safe.

I am unfortunately not sure of that, because in Task Manager under Processes there is "a lot of movement", i.e. the individual processes change position, as if a process were there for a fraction of a second and then disappeared again. I hope what I mean is reasonably understandable. I am now hoping that a look at the logs can bring more clarity. Thanks in advance for the help!
Here is the OTL logfile:
C:\Windows\SysWow64\unrar.dll [2010.10.17 18:19:40 | 000,087,040 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.14 13:15:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini [2009.04.14 06:45:20 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll [2009.04.14 06:45:04 | 000,044,064 | ---- | C] () -- C:\Windows\CPLUtl64.exe [2006.11.02 16:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2005.04.06 16:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2005.04.06 16:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll ========== LOP Check ========== [2011.10.03 15:36:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Canon [2011.11.13 13:21:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DAEMON Tools Lite [2011.07.02 15:00:49 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\go [2011.03.11 22:29:35 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC [2011.03.11 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2011.11.12 16:10:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ICQ [2011.03.10 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\LolClient [2010.11.06 15:17:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PTC [2011.11.14 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\QuickScan [2010.10.27 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Scendix Software [2011.03.15 02:30:33 | 000,000,000 | ---D | M] -- 
C:\Users\xxxx\AppData\Roaming\SkyTestAB1 [2011.02.20 13:19:40 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Softland [2011.11.14 23:10:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TS3Client [2011.11.15 12:44:49 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
16.11.2011, 10:52 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Bundespolizei Trojaner" completely removed? Quote:
|
16.11.2011, 18:44 | #3 |
| "Bundespolizei Trojaner" completely removed? Hello,
I was probably very careless there :/ , not saving all of these right away. The log folder of SUPERAntiSpyware, for example, is empty. I think that was my own doing, since CCleaner deletes temporary files. I uninstalled Antivir, so I can really only be annoyed at my own short-sightedness... Well, I'll post what I have here and hope that it helps.. Here is the report from Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7622
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

13.11.2011 15:30:49
mbam-log-2011-11-13 (15-30-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 386121
Laufzeit: 1 Stunde(n), 0 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Here are the Kaspersky findings:

Typ: trojanisches Programm (12)
Trojan-Spy.Win32.Wexd.p Gelöscht 14.11.2011 22:33:25
Trojan-Spy.Win32.Wexd.p Gelöscht 14.11.2011 22:33:25
Trojan-Spy.Win32.Wexd.p Gelöscht 14.11.2011 22:33:18
Trojan-Spy.Win32.Wexd.p Gelöscht 14.11.2011 22:33:18
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:11
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:11
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:11
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:10
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:10
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:10
Exploit.Java.CVE-2010-0840.en Desinfiziert 14.11.2011 22:32:08
Exploit.Java.CVE-2010-0840.en Gelöscht 14.11.2011 22:32:08 |
16.11.2011, 20:16 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Bundespolizei Trojaner" completely removed? Quote:
__________________ Please always post log files in CODE tags |
17.11.2011, 15:00 | #5 |
| "Bundespolizei Trojaner" completely removed? Hello, I took another close look in Kaspersky: when I go to "Berichte" (Reports) and then to the scan section, I do see the scan, but when I save it, there are again no path details, so it is again not the complete log file that you need. Is there a way to get at the logs that I am overlooking? Or were they possibly in the Temp folder as well? Or is there another way to help me, now that I have messed things up a bit with the logs? |
17.11.2011, 16:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Bundespolizei Trojaner" completely removed? Then leave Kaspersky out for now. Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the "Logdateien" (log files) tab.
|
17.11.2011, 17:12 | #7 |
| "Bundespolizei Trojaner" completely removed? No, there are no further logs from Malwarebytes, only the one from the scan that found nothing. |
17.11.2011, 20:10 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Bundespolizei Trojaner" completely removed? Please run ESET as well, then we will see what comes next: ESET Online Scanner
|
17.11.2011, 23:22 | #9 |
| "Bundespolizei Trojaner" completely removed? Sooo, here is the log at last, I hope it gives you some insight.

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4dd7aef404e8e541bd3b3ae1e2286234
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 10:08:15
# local_time=2011-11-17 11:08:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 269447 269447 0 0
# compatibility_mode=5892 16776638 100 56 21721341 159084072 0 0
# compatibility_mode=8192 67108863 100 0 4150 4150 0 0
# scanned=233798
# found=0
# cleaned=0
# scan_time=7646 |
18.11.2011, 11:27 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Bundespolizei Trojaner" completely removed? CustomScan with OTL: If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
|
18.11.2011, 19:17 | #11 |
| "Bundespolizei Trojaner" completely removed? Here is the new report from OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.11.2011 18:25:46 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxxx\Desktop 64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,13% Memory free 4,23 Gb Paging File | 2,81 Gb Available in Paging File | 66,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 3,90 Gb Free Space | 5,24% Space Free | Partition Type: NTFS Drive D: | 111,78 Gb Total Space | 17,68 Gb Free Space | 15,82% Space Free | Partition Type: NTFS Computer Name: B1 | User Name: xxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.15 12:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.10.28 17:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2009.11.23 15:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe PRC - [2009.11.23 12:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) 
-- C:\Windows\SysWOW64\lkads.exe PRC - [2009.11.23 12:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe PRC - [2009.11.23 12:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe PRC - [2009.10.20 09:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe PRC - [2009.09.29 11:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe PRC - [2009.06.15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe PRC - [2009.04.14 06:45:30 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe ========== Modules (No Company Name) ========== MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll MOD - [2010.10.28 17:55:02 | 000,516,599 | ---- | M] () -- 
C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2010.10.28 17:55:02 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll MOD - [2010.10.28 17:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2010.10.28 17:55:02 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2010.10.28 17:55:02 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2010.10.28 17:55:02 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2008.01.19 09:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP) SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.23 15:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService) SRV - [2009.11.23 12:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe 
-- (lkClassAds) SRV - [2009.11.23 12:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2009.11.23 12:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync) SRV - [2009.10.20 09:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc) SRV - [2009.09.29 11:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer) SRV - [2009.09.18 09:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2009.06.15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr) SRV - [2009.06.03 09:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.11.14 19:09:22 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] 
(Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (KL1) DRV:64bit: - [2010.07.28 23:25:16 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ivusb.sys -- (ivusb) DRV:64bit: - [2010.06.25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot) DRV:64bit: - [2009.06.18 18:45:06 | 003,491,616 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV:64bit: - [2009.06.10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2007.12.06 08:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: 
{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.68 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) 
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2011.11.14 19:37:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.11.14 19:37:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.07 00:48:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.05 12:26:29 | 000,000,000 | ---D | M] [2010.10.19 21:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions [2011.11.07 00:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions [2011.02.20 21:22:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.11.07 00:48:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.07.28 23:07:49 | 000,000,000 | ---D | M] (BitDefender 
QuickScan) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011.05.21 08:58:59 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775 [2011.11.16 23:38:13 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-1.xml [2011.10.05 01:17:47 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-10.xml [2011.11.09 14:13:30 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-11.xml [2010.12.11 13:58:57 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-2.xml [2011.03.10 10:17:58 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-3.xml [2011.04.05 16:03:13 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-4.xml [2011.05.10 23:38:28 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-5.xml [2011.05.19 20:07:01 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-6.xml [2011.06.22 19:42:12 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-7.xml [2011.06.29 11:38:53 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-8.xml [2011.08.20 19:48:28 | 000,000,950 | ---- | M] () -- 
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-9.xml [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin.xml [2011.11.18 12:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.16 12:40:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.10.22 10:17:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.25 19:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.06 12:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.11.18 12:22:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.14 19:37:54 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\LINKFILTER@KASPERSKY.RU [2011.11.14 19:37:54 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU [2011.11.07 00:48:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2007.02.08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll [2010.01.08 21:08:52 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll [2011.11.07 00:48:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.07 00:48:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.07 00:48:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.11.07 00:48:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.07 00:48:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.07 00:48:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKCU..\Run: [avupdate] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A57B1C92-0FAE-4CA5-BF60-3085AD8951B7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell\AutoRun\command - "" = I:\Autorun\CDRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: 77911033.sys - Driver
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 77911033.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: 77911033.sys - Driver
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfRd - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 77911033.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.18 12:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.17 20:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.17 17:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.17 17:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.15 13:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.11.15 13:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.11.15 12:58:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2011.11.15 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Desktop\Neuer Ordner (3)
[2011.11.14 19:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2011.11.14 19:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.11.14 19:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011.11.14 19:09:22 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.11.13 23:39:35 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\SUPERAntiSpyware.com
[2011.11.13 23:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.13 23:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.13 23:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.11.13 13:22:18 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2011.11.13 13:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.13 13:22:07 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.13 13:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.13 13:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.11 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\avatare
[1 C:\Users\xxxx\*.tmp files -> C:\Users\xxxx\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.18 18:10:28 | 000,143,845 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.18 18:10:19 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 18:10:19 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 18:09:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.15 12:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2011.11.15 12:54:02 | 000,143,845 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.15 12:50:46 | 001,445,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.15 12:50:46 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.15 12:50:46 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.15 12:50:46 | 000,126,054 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.15 12:50:46 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.15 12:46:06 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.15 12:43:38 | 000,000,188 | ---- | M] () -- C:\Users\xxxx\defogger_reenable
[2011.11.14 19:13:56 | 000,017,408 | ---- | M] () -- C:\Users\xxxx\AppData\Local\WebpageIcons.db
[2011.11.14 19:12:25 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.11.14 19:12:25 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.11.14 19:09:22 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.11.13 23:38:32 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.13 18:55:08 | 000,007,776 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20111113_185456.reg
[2011.11.13 15:53:34 | 000,232,568 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20111113_155258.reg
[2011.11.06 10:12:44 | 000,006,944 | ---- | M] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2011.10.24 00:49:31 | 000,087,040 | ---- | M] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\xxxx\*.tmp files -> C:\Users\xxxx\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.15 12:43:37 | 000,000,188 | ---- | C] () -- C:\Users\xxxx\defogger_reenable
[2011.11.14 19:13:47 | 000,017,408 | ---- | C] () -- C:\Users\xxxx\AppData\Local\WebpageIcons.db
[2011.11.14 19:12:25 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.11.14 19:12:25 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.11.13 23:38:32 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.13 19:21:56 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.13 18:55:03 | 000,007,776 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20111113_185456.reg
[2011.11.13 15:53:04 | 000,232,568 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20111113_155258.reg
[2011.06.13 02:00:23 | 000,000,732 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps64.dat
[2011.01.09 04:51:27 | 000,006,944 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2011.01.01 21:09:53 | 000,004,096 | -H-- | C] () -- C:\Users\xxxx\AppData\Local\keyfile3.drm
[2010.10.24 19:31:02 | 000,143,845 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.10.24 19:31:01 | 000,143,845 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.10.24 12:19:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.24 12:09:53 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.23 02:11:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.10.22 21:41:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.10.22 21:40:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.10.22 21:40:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.10.21 18:40:03 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2010.10.21 16:56:09 | 000,005,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010.10.18 20:58:17 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.10.17 18:19:40 | 000,087,040 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.14 13:15:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2009.04.14 06:45:20 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
[2009.04.14 06:45:04 | 000,044,064 | ---- | C] () -- C:\Windows\CPLUtl64.exe
[2006.11.02 16:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.04.06 16:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2005.04.06 16:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

========== LOP Check ==========

[2011.10.03 15:36:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Canon
[2011.11.13 13:21:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DAEMON Tools Lite
[2011.07.02 15:00:49 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\go
[2011.03.11 22:29:35 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC
[2011.03.11 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.11.12 16:10:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ICQ
[2011.03.10 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\LolClient
[2010.11.06 15:17:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PTC
[2011.11.14 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\QuickScan
[2010.10.27 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Scendix Software
[2011.03.15 02:30:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SkyTestAB1
[2011.02.20 13:19:40 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Softland
[2011.11.14 23:10:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TS3Client
[2011.11.15 12:44:49 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.03.11 22:21:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Adobe
[2011.10.03 15:36:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Canon
[2011.11.13 13:21:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DAEMON Tools Lite
[2010.10.23 11:46:22 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\dvdcss
[2011.07.02 15:00:49 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\go
[2011.03.11 22:29:35 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC
[2011.03.11 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.11.12 16:10:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ICQ
[2010.10.17 17:40:16 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Identities
[2011.03.10 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\LolClient
[2010.10.19 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Macromedia
[2011.11.13 13:22:18 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2011.01.20 12:46:32 | 000,000,000 | --SD | M] -- C:\Users\xxxx\AppData\Roaming\Microsoft
[2010.10.19 21:30:27 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Mozilla
[2010.11.06 15:17:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PTC
[2011.11.14 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\QuickScan
[2010.10.27 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Scendix Software
[2011.11.13 13:21:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Skype
[2011.06.15 00:05:30 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\skypePM
[2011.03.15 02:30:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SkyTestAB1
[2011.02.20 13:19:40 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Softland
[2011.11.13 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SUPERAntiSpyware.com
[2011.11.14 23:10:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TS3Client
[2011.11.13 13:21:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Ventrilo
[2011.10.03 04:39:08 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\vlc
[2010.10.22 12:23:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2011.04.05 15:05:50 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\xxxx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2006.11.02 13:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010.10.19 14:04:22 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 09:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2010.10.19 14:04:23 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008.01.19 09:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 12:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008.01.19 09:03:01 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 12:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 13:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 09:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 12:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D --
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll [2008.01.19 09:03:55 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll [2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2006.11.02 10:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll [2010.10.19 13:48:05 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll [2008.01.19 09:04:23 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.19 08:32:19 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2010.10.19 13:48:05 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll [2010.10.19 13:48:07 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll [2006.11.02 12:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll [2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2010.10.19 13:48:06 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll [2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 
000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe [2006.11.02 12:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe [2008.01.19 09:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.19 09:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.19 09:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.19 09:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe [2006.11.02 12:16:20 | 000,122,368 | ---- | M] (Microsoft 
Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.19 09:00:45 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 12:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.19 07:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.19 07:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys [2006.11.02 10:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
18.11.2011, 19:28 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Note: If you have made your user name unrecognizable, you have to turn the blanked-out part back into your real user name, otherwise the script will not work!! Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
[2011.11.07 00:48:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.21 08:58:59 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775
[2011.11.16 23:38:13 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-1.xml
[2011.10.05 01:17:47 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-10.xml
[2011.11.09 14:13:30 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-11.xml
[2010.12.11 13:58:57 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-2.xml
[2011.03.10 10:17:58 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-3.xml
[2011.04.05 16:03:13 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-4.xml
[2011.05.10 23:38:28 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-5.xml
[2011.05.19 20:07:01 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-6.xml
[2011.06.22 19:42:12 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-7.xml
[2011.06.29 11:38:53 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-8.xml
[2011.08.20 19:48:28 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin.xml
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKCU..\Run: [avupdate] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell\AutoRun\command - "" = I:\Autorun\CDRun.exe
SafeBootMin:64bit: 77911033.sys - Driver
SafeBootMin: 77911033.sys - Driver
SafeBootNet:64bit: 77911033.sys - Driver
SafeBootNet: 77911033.sys - Driver
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags |
18.11.2011, 19:56 | #13 |
| The answer, by return of post:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" removed from keyword.URL
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775\defaults\preferences folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775\defaults folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775\chrome folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775 folder moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d478b9e-dd1e-11df-9039-0015f2004703}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d478b9e-dd1e-11df-9039-0015f2004703}\ not found.
File I:\Autorun\CDRun.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 77911033.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77911033.sys\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 77911033.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77911033.sys\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: xxxx
->Temp folder emptied: 352715192 bytes
->Temporary Internet Files folder emptied: 169226678 bytes
->Java cache emptied: 22279505 bytes
->FireFox cache emptied: 97653473 bytes
->Flash cache emptied: 58346 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 253460 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 613,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 11182011_193659
Files\Folders moved on Reboot...
C:\Users\xxxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot... |
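Added example (not part of the thread and not OTL's own code): a small Python triage of the fix log posted above, separating actions that succeeded from entries that were not found or were deferred to the next reboot. The status names, the function names and the choice of excerpt are assumptions made for this example; it expects one log entry per line, as OTL writes the file.

```python
import re
from collections import Counter

# Excerpt of the fix log posted in this thread, one entry per line.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
File E:\SETUP.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77911033.sys\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 352715192 bytes
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
"""

# "<kind> <object> [folder] <result>." lines; kind is optional for plain file paths.
ENTRY = re.compile(
    r"^(?:64bit-)?(?:(?P<kind>Registry key|Registry value|File)\s+)?"
    r"(?P<obj>.+?)\s*(?:folder\s+)?"
    r"(?P<result>deleted successfully|moved successfully|not found)\.$"
)
# Success phrasings that do not follow the ENTRY pattern.
OK_MARKERS = ("value set successfully!", " removed from ", "reset successfully")


def _norm(obj):
    """Registry paths and Windows file names compare case-insensitively."""
    return obj.rstrip("\\").lower()


def triage(log_text):
    """Return (section, status, line) for every non-empty, non-header log line."""
    handled = set()        # objects an earlier line already deleted or moved
    section = "preamble"
    rows = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"=+\s*(.+?)\s*=+", line)
        if header:
            section = header.group(1)
            continue
        if "scheduled to be moved on reboot" in line:
            status = "deferred"            # only takes effect after a restart
        else:
            m = ENTRY.match(line)
            if m:
                key = _norm(m.group("obj"))
                if m.group("result") == "not found":
                    # A second directive hitting an object the fix already
                    # removed is expected; anything else needs a human look.
                    status = "already_handled" if key in handled else "not_found"
                else:
                    handled.add(key)
                    status = "ok"
            elif any(marker in line for marker in OK_MARKERS):
                status = "ok"
            else:
                status = "info"
        rows.append((section, status, line))
    return rows


def summary(rows):
    """Count log lines per status."""
    return Counter(status for _, status, _ in rows)


def follow_up(rows):
    """Lines a helper should re-check after the reboot or in a fresh scan."""
    return [line for _, status, line in rows if status in ("deferred", "not_found")]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(dict(summary(result)))
    for entry in follow_up(result):
        print("re-check:", entry)
```
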
18.11.2011, 21:34 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot, then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition; that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: Download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
19.11.2011, 15:12 | #15 |
| "Bundespolizei Trojaner" completely removed?
14:59:53.0467 3104 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
14:59:53.0822 3104 ============================================================
14:59:53.0822 3104 Current date / time: 2011/11/19 14:59:53.0822
14:59:53.0822 3104 SystemInfo:
14:59:53.0822 3104
14:59:53.0822 3104 OS Version: 6.0.6002 ServicePack: 2.0
14:59:53.0822 3104 Product type: Workstation
14:59:53.0822 3104 ComputerName: B1
14:59:53.0823 3104 UserName: XXXX
14:59:53.0823 3104 Windows directory: C:\Windows
14:59:53.0823 3104 System windows directory: C:\Windows
14:59:53.0823 3104 Running under WOW64
14:59:53.0823 3104 Processor architecture: Intel x64
14:59:53.0823 3104 Number of processors: 2
14:59:53.0823 3104 Page size: 0x1000
14:59:53.0823 3104 Boot type: Normal boot
14:59:53.0823 3104 ============================================================
14:59:55.0639 3104 Initialize success
15:01:06.0252 2904 ============================================================
15:01:06.0252 2904 Scan started
15:01:06.0252 2904 Mode: Manual; SigCheck; TDLFS;
15:01:06.0252 2904 ============================================================
15:01:35.0859 2904 ============================================================
15:01:35.0860 2904 Scan finished
15:01:35.0860 2904 ============================================================
15:01:35.0880 4796 Detected object count: 0
15:01:35.0880 4796 Actual detected object count: 0
15:21:06.0185 2956 Deinitialize success
Edited by Ben89 (19.11.2011 at 15:23) |