Pests of all kinds and how to fight them: Sophos scan found Trojans and malware (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
01.12.2011, 17:58 | #1

Sophos scan found Trojans and malware

Hello dear users,

after my Sophos antivirus program warned me on every reboot and subsequent launch of Firefox that I have malware on my laptop, I ran a complete scan. The result: two instances of malware, one Trojan and one suspicious behaviour.

Operating system: Windows 7 Professional Service Pack 1
Program: Sophos Endpoint Security and Control, product version 9.5

Result:

1.) Type: Virus/Spyware
Name: Troj/Java-BM
Details:
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-361bfed8
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-513846c8
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-54521aca
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-7f4b6c5a
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-67f20674
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-738e9521

2.) Type: Virus/Spyware
Name: Mal/JavaJar-A
Details:
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\1f605f29-5c439e68

3.) Type: Virus/Spyware
Name: Mal/Generic-S
Details:
C:\Users\Vincenzo\AppData\Roaming\5051\components\AcroFF051.dll -> has already been cleaned several times, but comes back every time after restarting the laptop and starting Firefox

4.) Type: Suspicious behaviour
Name: HIPS/RegMod-012
Details:
C:\Windows\system32\taskhost.exe

I hope someone can help me without my having to reinstall Windows.

Regards
Vincenzo
01.12.2011, 20:01 | #2

Hi,

a few more details (which Windows, 64-bit etc.) would be helpful...

Delete the deployment cache: follow the instructions on this page http://www.java.com/de/download/help/cache_virus.xml and then the "Solution" section...

Malwarebytes Anti-Malware (MAM)
Guide & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here: http://filepony.de/download-chameleon/
Then update the signature files ("Update" tab -> "Check for updates"). Full scan and let it clean everything! Post the log.

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it on your desktop
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.

TDSSKiller
Download and instructions at: How to remove malware of the Rootkit.Win32.TDSS family?
Extract all files into a separate directory (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. After it starts, a window appears; click "Start Scan" there. When the scan is done, please select "Report". A window opens; copy the text and post it here...

chris
01.12.2011, 20:37 | #3

Ohh!! I forgot.

Windows 7 Prof. 32-bit with Service Pack 1
01.12.2011, 20:40 | #4

Hi,

ok, run the programs as "Admin" where stated...

chris
01.12.2011, 21:09 | #5

Log file

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8286
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01.12.2011 21:08:17
mbam-log-2011-12-01 (21-08-17).txt

Scan type: Quick scan
Objects scanned: 169415
Time elapsed: 10 minute(s), 54 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 4
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 3

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Passwords) -> Quarantined and deleted successfully.

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
c:\Users\Vincenzo\AppData\Roaming\acroiehelpe054.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\acroiehelpe053.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\appconf32.exe (Malware.Gen) -> Quarantined and deleted successfully.
01.12.2011, 21:20 | #6

Hi,

STOP! No quick scan, FULL SCAN!

And immediately change all internet passwords from a clean computer!

chris
02.12.2011, 08:13 | #7

Log file, full scan

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8286
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

02.12.2011 08:12:47
mbam-log-2011-12-02 (08-12-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 729447
Time elapsed: 3 hour(s), 39 minute(s), 57 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 16

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
c:\program files\Samsung\samsung pc studio 3\Update\Copyer.exe (Adware.Kraddare) -> Quarantined and deleted successfully.
c:\program files\Samsung\samsung pc studio 3\Update\liveupdate.exe (Adware.Kraddare) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5049\components\AcroFF5.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5049\components\AcroFF6.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5049\components\AcroFF7.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5049\components\AcroFF8.dll (Trojan.Keylogger) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5050\components\acroff0505.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5050\components\acroff0506.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5050\components\acroff0507.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5051\components\acroff051.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5051\components\acroff0510.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5051\components\acroff0515.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5051\components\acroff0516.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5051\components\acroff0517.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\5051\components\acroff0518.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\Links\U1001.exe (PUP.UltraSurf) -> Quarantined and deleted successfully.
02.12.2011, 12:07 | #8

Hello,

now that the worst is gone, please post the other logs (OTL, TDSS-Killer) as well....

chris
02.12.2011, 17:06 | #9

OTL

OTL logfile:
Code:
OTL logfile created on: 02.12.2011 16:57:57 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Vincenzo\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,36% Memory free
5,99 Gb Paging File | 4,32 Gb Available in Paging File | 72,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 338,26 Gb Free Space | 72,64% Space Free | Partition Type: NTFS

Computer Name: VINCENZO-PC | User Name: Vincenzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Vincenzo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Vincenzo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Programme\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - c:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
PRC - c:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG)

========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()

========== Win32 Services (SafeList) ==========

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (swi_service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (LcSvrAdm) -- c:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG)
SRV - (LcSvrHis) -- c:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG)
SRV - (LcSvrSaz) -- c:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG)
SRV - (LcSvrAuf) -- c:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG)
SRV - (LcSvrPAS) -- c:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG)
SRV - (LcSvrDba) -- c:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (iscFlash) -- C:\swsetup\sp45138\iscflash.sys (Insyde Software)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)
DRV - (PVUSB) -- C:\Windows\System32\drivers\CESG502.sys (Hitachi Semiconductor and Devices Sales Co.,Ltd.)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI)
DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI)
DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 77 EB E3 D1 AA CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "local"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.16 20:22:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.16 20:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.09 16:11:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.30 14:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.30 14:16:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.09 16:11:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Vincenzo\AppData\Roaming\5051 [2011.11.28 20:40:45 | 000,000,000 | ---D | M]

[2011.09.16 16:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Extensions
[2009.12.21 21:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.28 19:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Firefox\Profiles\0sn3yrha.default\extensions
[2011.11.12 18:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.28 20:40:45 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\VINCENZO\APPDATA\ROAMING\5051
() (No name found) -- C:\USERS\VINCENZO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0SN3YRHA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 20:04:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.06 20:01:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 20:01:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.06 20:01:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 20:01:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 20:01:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 20:01:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Vincenzo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6254A1D2-3EED-44D2-9F3C-21F2525BB591}: DhcpNameServer = 134.108.34.5 134.108.34.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A8C7BF2-C42F-4BD7-852F-7AC3AD549007}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{625edd1c-ff76-11df-9d92-001e68f7211d}\Shell - "" = AutoRun
O33 - MountPoints2\{625edd1c-ff76-11df-9d92-001e68f7211d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.02 16:53:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Vincenzo\Desktop\OTL.exe
[2011.12.01 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Malwarebytes
[2011.12.01 20:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.01 20:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.01 20:54:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.01 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.01 13:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.01 13:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.01 12:42:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011.12.01 12:42:05 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\PackageAware
[2011.11.28 20:40:42 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5051
[2011.11.27 16:22:38 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\PDF24
[2011.11.25 21:46:12 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5050
[2011.11.24 18:58:51 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5049
[2011.11.24 18:58:29 | 000,000,000 | ---D | C] --
C:\Users\Vincenzo\AppData\Roaming\xmldm [2011.11.24 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\kock [2011.11.17 22:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.17 18:41:25 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\A_Klasse [2011.11.16 20:25:24 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\Axialis [2011.11.09 17:34:03 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.11.05 22:37:13 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\Handy [2011.11.05 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\Reifen [2009.12.20 00:27:03 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe [2009.12.20 00:27:03 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe [2009.12.20 00:27:03 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe [2009.12.20 00:27:03 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe [2009.12.20 00:27:03 | 002,231,606 | ---- | C] (Macromedia, Inc.) 
-- C:\ProgramData\Games.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Vincenzo\AppData\Roaming\*.tmp files -> C:\Users\Vincenzo\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.02 17:03:08 | 001,547,774 | ---- | M] () -- C:\Users\Vincenzo\Desktop\tdsskiller.zip [2011.12.02 16:53:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vincenzo\Desktop\OTL.exe [2011.12.02 16:39:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.02 15:48:19 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.02 15:43:31 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.02 15:43:31 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.02 15:41:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.02 08:17:48 | 000,000,982 | ---- | M] () -- C:\ProgramData\hpqp.ini [2011.12.02 08:15:44 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys [2011.12.01 22:53:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.12.01 19:34:02 | 000,000,480 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Vincenzo.job [2011.12.01 13:16:01 | 003,690,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.01 13:12:04 | 000,000,036 | ---- | M] () -- C:\Users\Vincenzo\AppData\Roaming\blckdom.res [2011.12.01 13:03:12 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.27 10:03:59 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.27 10:03:59 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.27 10:03:59 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.27 10:03:59 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat 
[2011.11.22 21:58:04 | 000,026,187 | ---- | M] () -- C:\Users\Vincenzo\Desktop\Lebenslauf Artemitschuk.pdf [2011.11.21 12:27:13 | 000,579,494 | ---- | M] () -- C:\Users\Vincenzo\Desktop\Deutschland testet.pdf [2011.11.20 16:36:02 | 000,067,388 | ---- | M] () -- C:\Users\Vincenzo\Desktop\AngemeldetePruefungen4eebd375-b824-4881-bee2-f6b5f3b3802f.pdf [2011.11.15 20:50:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.11.13 19:20:47 | 000,620,234 | ---- | M] () -- C:\Users\Vincenzo\SHARK.INI [2011.11.08 16:17:05 | 006,028,664 | ---- | M] () -- C:\Users\Vincenzo\Desktop\GT-I9100_UM_Open_Ger_D04_110501-1.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Vincenzo\AppData\Roaming\*.tmp files -> C:\Users\Vincenzo\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.02 17:02:52 | 001,547,774 | ---- | C] () -- C:\Users\Vincenzo\Desktop\tdsskiller.zip [2011.12.01 22:53:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.12.01 13:03:12 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.28 15:15:08 | 000,000,036 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\blckdom.res [2011.11.22 21:58:04 | 000,026,187 | ---- | C] () -- C:\Users\Vincenzo\Desktop\Lebenslauf Artemitschuk.pdf [2011.11.21 12:27:13 | 000,579,494 | ---- | C] () -- C:\Users\Vincenzo\Desktop\Deutschland testet.pdf [2011.11.20 16:35:57 | 000,067,388 | ---- | C] () -- C:\Users\Vincenzo\Desktop\AngemeldetePruefungen4eebd375-b824-4881-bee2-f6b5f3b3802f.pdf [2011.11.08 16:17:04 | 006,028,664 | ---- | C] () -- C:\Users\Vincenzo\Desktop\GT-I9100_UM_Open_Ger_D04_110501-1.pdf [2011.10.09 16:07:42 | 000,180,988 | ---- | C] () -- C:\Windows\hpoins13.dat.temp [2011.10.09 16:07:42 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat.temp [2011.05.18 17:58:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.17 
20:34:45 | 000,007,602 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\Resmon.ResmonCfg [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.05 18:34:42 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini [2011.01.10 13:25:34 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.30 14:13:23 | 000,000,616 | ---- | C] () -- C:\Windows\System32\NTS5CSET.INI [2010.06.15 16:16:35 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI [2010.01.14 16:54:23 | 000,000,096 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\fusioncache.dat [2009.12.24 22:11:33 | 000,005,120 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.24 21:34:53 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll [2009.12.24 20:19:39 | 000,181,013 | ---- | C] () -- C:\Windows\hpoins13.dat [2009.12.24 20:19:39 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat [2009.12.20 00:26:20 | 000,000,982 | ---- | C] () -- C:\ProgramData\hpqp.ini [2009.12.19 23:50:49 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 
00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.07.14 09:47:43 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 003,690,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > |
02.12.2011, 17:08 | #10 |
OTL Extras Logfile:
OTL Extras logfile created on: 02.12.2011 16:57:57 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Vincenzo\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,36% Memory free 5,99 Gb Paging File | 4,32 Gb Available in Paging File | 72,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 338,26 Gb Free Space | 72,64% Space Free | Partition Type: NTFS Computer Name: VINCENZO-PC | User Name: Vincenzo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] "" = "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder "{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 
1 "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7 "{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200 "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP 
QuickPlay 3.7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7AED71CD-5538-4A60-8ECF-B9C45CD21E9C}" = GameSpy Comrade "{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8933F8EE-26E2-41A7-A6CF-2DC66869C102}" = ArcSoft Print Creations "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A5049F43-18B8-4984-9B98-FE701B0D2526}" = Camtasia Studio 5 "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_943" = Adobe Acrobat 9.4.3 - CPSID_83708 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b) "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C867F57B-39C1-4341-A164-F569839BCCBF}" = Cards "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero 
StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FB47E710-6249-4EFA-BE36-E922B0612AF4}" = CASIO FA-124
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD v.2.21
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"DivX Setup.divx.com" = DivX-Setup
"ElsaWin" = ElsaWin
"ElsterFormular 11.2.0.4074" = ElsterFormular
"Graboid Video" = Graboid Video 1.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"lcc-win32 (base system)_is1" = lcc-win32 version 3.2 (base system)
"Lotus Engineering Software" = Lotus Engineering Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NSS" = Norton Security Scan
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Oce 5250" = Oce 5250
"OpenVPN" = OpenVPN 2.1.1
"PKR" = PKR
"RealPlayer 12.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.08.2011 14:19:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.08.2011 14:20:37 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.08.2011 14:20:37 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.08.2011 14:20:37 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.08.2011 14:20:37 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.08.2011 14:20:37 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.08.2011 14:20:37 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.08.2011 14:20:37 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.08.2011 14:20:37 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 19.08.2011 17:20:08 | Computer Name = Vincenzo-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 6.0.0.4240 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1398 Startzeit: 01cc5e82c82784b0 Endzeit: 29 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 00915156-caa9-11e0-bf05-001e68f7211d

[ System Events ]
Error - 02.12.2011 02:39:37 | Computer Name = Vincenzo-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...TEM32\sechost.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess swi_lsp_instal, (Überprüfung des Zeitstempels [ 1ccb0bd29049308]).

Error - 02.12.2011 02:39:37 | Computer Name = Vincenzo-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...ystem32\IMM32.DLL] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess swi_lsp_instal, (Überprüfung des Zeitstempels [ 1ccb0bd2906dd01]).

Error - 02.12.2011 02:39:37 | Computer Name = Vincenzo-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...2\acaptuser32.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess swi_lsp_instal, (Überprüfung des Zeitstempels [ 1ccb0bd290a115d]).

Error - 02.12.2011 02:39:37 | Computer Name = Vincenzo-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...OS~1\SOPHOS~1.DLL] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess swi_lsp_instal, (Überprüfung des Zeitstempels [ 1ccb0bd2910ef47]).

Error - 02.12.2011 02:39:37 | Computer Name = Vincenzo-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...tem32\profapi.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess swi_lsp_instal, (Überprüfung des Zeitstempels [ 1ccb0bd2923b43d]).

Error - 02.12.2011 02:39:37 | Computer Name = Vincenzo-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...ystem32\rpcss.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess swi_lsp_instal, (Überprüfung des Zeitstempels [ 1ccb0bd29264c57]).

Error - 02.12.2011 02:39:37 | Computer Name = Vincenzo-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...m32\CRYPTBASE.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess swi_lsp_instal, (Überprüfung des Zeitstempels [ 1ccb0bd292e89d6]).

Error - 02.12.2011 02:39:37 | Computer Name = Vincenzo-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...tem32\PROPSYS.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess swi_lsp_instal, (Überprüfung des Zeitstempels [ 1ccb0bd293121f0]).

Error - 02.12.2011 02:39:37 | Computer Name = Vincenzo-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...tem32\SHELL32.dll] wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert. Prozess swi_lsp_instal, (Überprüfung des Zeitstempels [ 1ccb0bd2937ffd9]).

Error - 02.12.2011 03:16:51 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cyberlink RichVideo Service(CRVS)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >
02.12.2011, 17:22 | #11 |
TDSSKiller

17:11:24.0059 5544 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
17:11:24.0756 5544 ============================================================
17:11:24.0756 5544 Current date / time: 2011/12/02 17:11:24.0756
17:11:24.0756 5544 SystemInfo:
17:11:24.0756 5544
17:11:24.0756 5544 OS Version: 6.1.7601 ServicePack: 1.0
17:11:24.0756 5544 Product type: Workstation
17:11:24.0756 5544 ComputerName: VINCENZO-PC
17:11:24.0757 5544 UserName: Vincenzo
17:11:24.0757 5544 Windows directory: C:\Windows
17:11:24.0757 5544 System windows directory: C:\Windows
17:11:24.0757 5544 Processor architecture: Intel x86
17:11:24.0757 5544 Number of processors: 2
17:11:24.0757 5544 Page size: 0x1000
17:11:24.0757 5544 Boot type: Normal boot
17:11:24.0757 5544 ============================================================
17:11:26.0204 5544 Initialize success
17:11:51.0731 4436 ============================================================
17:11:51.0731 4436 Scan started
17:11:51.0731 4436 Mode: Manual;
17:11:51.0731 4436 ============================================================
17:11:52.0137 4436 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:11:52.0138 4436 1394ohci - ok
17:11:52.0211 4436 Accelerometer (4df5e6215a102a192b2b6dbb61f2fba5) C:\Windows\system32\DRIVERS\Accelerometer.sys
17:11:52.0211 4436 Accelerometer - ok
17:11:52.0345 4436 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:11:52.0347 4436 ACPI - ok
17:11:52.0407 4436 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:11:52.0407 4436 AcpiPmi - ok
17:11:52.0465 4436 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:11:52.0467 4436 adp94xx - ok
17:11:52.0492 4436 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:11:52.0494 4436 adpahci - ok
17:11:52.0519 4436 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:11:52.0521 4436 adpu320 - ok
17:11:52.0698 4436 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:11:52.0700 4436 AFD - ok
17:11:52.0755 4436 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:11:52.0756 4436 agp440 - ok
17:11:52.0801 4436 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
17:11:52.0802 4436 aic78xx - ok
17:11:52.0870 4436 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:11:52.0870 4436 aliide - ok
17:11:52.0923 4436 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:11:52.0924 4436 amdagp - ok
17:11:52.0940 4436 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:11:52.0940 4436 amdide - ok
17:11:52.0978 4436 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
17:11:52.0979 4436 AmdK8 - ok
17:11:52.0991 4436 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
17:11:52.0992 4436 AmdPPM - ok
17:11:53.0036 4436 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:11:53.0037 4436 amdsata - ok
17:11:53.0096 4436 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
17:11:53.0098 4436 amdsbs - ok
17:11:53.0126 4436 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:11:53.0127 4436 amdxata - ok
17:11:53.0204 4436 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:11:53.0207 4436 AppID - ok
17:11:53.0367 4436 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
17:11:53.0368 4436 arc - ok
17:11:53.0381 4436 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
17:11:53.0388 4436 arcsas - ok
17:11:53.0414 4436 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:11:53.0415 4436 AsyncMac - ok
17:11:53.0458 4436 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:11:53.0458 4436 atapi - ok
17:11:53.0620 4436 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
17:11:53.0623 4436 b06bdrv - ok
17:11:53.0670 4436 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:11:53.0672 4436 b57nd60x - ok
17:11:53.0803 4436 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:11:53.0804 4436 Beep - ok
17:11:53.0832 4436 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:11:53.0833 4436 blbdrive - ok
17:11:53.0892 4436 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:11:53.0893 4436 bowser - ok
17:11:53.0906 4436 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:11:53.0906 4436 BrFiltLo - ok
17:11:53.0920 4436 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:11:53.0920 4436 BrFiltUp - ok
17:11:53.0960 4436 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:11:53.0962 4436 Brserid - ok
17:11:53.0975 4436 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:11:53.0975 4436 BrSerWdm - ok
17:11:53.0984 4436 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:11:53.0985 4436 BrUsbMdm - ok
17:11:53.0995 4436 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:11:53.0996 4436 BrUsbSer - ok
17:11:54.0007 4436 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:11:54.0008 4436 BTHMODEM - ok
17:11:54.0130 4436 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:11:54.0131 4436 cdfs - ok
17:11:54.0269 4436 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
17:11:54.0270 4436 cdrom - ok
17:11:54.0323 4436 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:11:54.0324 4436 circlass - ok
17:11:54.0415 4436 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:11:54.0418 4436 CLFS - ok
17:11:54.0504 4436 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:11:54.0505 4436 CmBatt - ok
17:11:54.0606 4436 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:11:54.0606 4436 cmdide - ok
17:11:54.0643 4436 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
17:11:54.0646 4436 CNG - ok
17:11:54.0793 4436 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:11:54.0794 4436 Compbatt - ok
17:11:54.0842 4436 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:11:54.0843 4436 CompositeBus - ok
17:11:54.0906 4436 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:11:54.0907 4436 crcdisk - ok
17:11:55.0040 4436 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
17:11:55.0042 4436 CSC - ok
17:11:55.0111 4436 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:11:55.0112 4436 DfsC - ok
17:11:55.0153 4436 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:11:55.0153 4436 discache - ok
17:11:55.0266 4436 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:11:55.0266 4436 Disk - ok
17:11:55.0316 4436 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
17:11:55.0318 4436 Dot4 - ok
17:11:55.0370 4436 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:11:55.0371 4436 Dot4Print - ok
17:11:55.0390 4436 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
17:11:55.0391 4436 dot4usb - ok
17:11:55.0450 4436 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:11:55.0450 4436 drmkaud - ok
17:11:55.0502 4436 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:11:55.0507 4436 DXGKrnl - ok
17:11:55.0618 4436 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:11:55.0707 4436 ebdrv - ok
17:11:55.0830 4436 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:11:55.0833 4436 elxstor - ok
17:11:55.0875 4436 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys
17:11:55.0876 4436 enecir - ok
17:11:55.0916 4436 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:11:55.0917 4436 ErrDev - ok
17:11:55.0969 4436 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:11:55.0970 4436 exfat - ok
17:11:55.0980 4436 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:11:55.0981 4436 fastfat - ok
17:11:56.0006 4436 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:11:56.0006 4436 fdc - ok
17:11:56.0024 4436 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:11:56.0024 4436 FileInfo - ok
17:11:56.0038 4436 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:11:56.0039 4436 Filetrace - ok
17:11:56.0061 4436 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:11:56.0062 4436 flpydisk - ok
17:11:56.0168 4436 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:11:56.0169 4436 FltMgr - ok
17:11:56.0185 4436 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:11:56.0186 4436 FsDepends - ok
17:11:56.0196 4436 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
17:11:56.0196 4436 Fs_Rec - ok
17:11:56.0241 4436 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:11:56.0243 4436 fvevol - ok
17:11:56.0292 4436 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:11:56.0293 4436 gagp30kx - ok
17:11:56.0437 4436 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:11:56.0438 4436 hcw85cir - ok
17:11:56.0491 4436 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
17:11:56.0493 4436 HdAudAddService - ok
17:11:56.0546 4436 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
17:11:56.0547 4436 HDAudBus - ok
17:11:56.0730 4436 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:11:56.0731 4436 HidBatt - ok
17:11:56.0834 4436 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:11:56.0835 4436 HidBth - ok
17:11:56.0859 4436 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:11:56.0860 4436 HidIr - ok
17:11:56.0992 4436 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
17:11:56.0993 4436 HidUsb - ok
17:11:57.0058 4436 hpdskflt (e1d82f0c8456abb03b7df5d623ca47d1) C:\Windows\system32\DRIVERS\hpdskflt.sys
17:11:57.0059 4436 hpdskflt - ok
17:11:57.0247 4436 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:11:57.0248 4436 HpqKbFiltr - ok
17:11:57.0307 4436 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
17:11:57.0308 4436 HpSAMD - ok
17:11:57.0390 4436 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:11:57.0394 4436 HTTP - ok
17:11:57.0431 4436 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:11:57.0431 4436 hwpolicy - ok
17:11:57.0482 4436 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
17:11:57.0483 4436 i8042prt - ok
17:11:57.0534 4436 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:11:57.0537 4436 iaStorV - ok
17:11:57.0580 4436 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:11:57.0581 4436 iirsp - ok
17:11:57.0628 4436 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
17:11:57.0629 4436 intelide - ok
17:11:57.0655 4436 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:11:57.0656 4436 intelppm - ok
17:11:57.0669 4436 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:11:57.0670 4436 IpFilterDriver - ok
17:11:57.0725 4436 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:11:57.0726 4436 IPMIDRV - ok
17:11:57.0763 4436 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:11:57.0764 4436 IPNAT - ok
17:11:57.0782 4436 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:11:57.0782 4436 IRENUM - ok
17:11:57.0817 4436 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:11:57.0818 4436 isapnp - ok
17:11:57.0940 4436 iscFlash (5f481c5493164163076f09a0b6ac2c00) C:\SwSetup\sp45138\iscflash.sys
17:11:57.0940 4436 iscFlash - ok
17:11:58.0065 4436 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:11:58.0067 4436 iScsiPrt - ok
17:11:58.0135 4436 JMCR (a69a1b991824b98f744913555f665893) C:\Windows\system32\DRIVERS\jmcr.sys
17:11:58.0136 4436 JMCR - ok
17:11:58.0191 4436 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
17:11:58.0192 4436 kbdclass - ok
17:11:58.0263 4436 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
17:11:58.0263 4436 kbdhid - ok
17:11:58.0306 4436 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
17:11:58.0307 4436 KSecDD - ok
17:11:58.0357 4436 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
17:11:58.0358 4436 KSecPkg - ok
17:11:58.0607 4436 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:11:58.0607 4436 lltdio - ok
17:11:58.0640 4436 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:11:58.0641 4436 LSI_FC - ok
17:11:58.0652 4436 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:11:58.0653 4436 LSI_SAS - ok
17:11:58.0663 4436 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:11:58.0664 4436 LSI_SAS2 - ok
17:11:58.0675 4436 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:11:58.0676 4436 LSI_SCSI - ok
17:11:58.0692 4436 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:11:58.0693 4436 luafv - ok
17:11:58.0802 4436 LUMDriver (ca020db361524d1182138efeaa8cf8f3) C:\Windows\system32\drivers\LUMDriver.sys
17:11:58.0803 4436 LUMDriver - ok
17:11:58.0936 4436 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
17:11:58.0937 4436 MBAMProtector - ok
17:11:59.0081 4436 MBAMSwissArmy - ok
17:11:59.0118 4436 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:11:59.0119 4436 megasas - ok
17:11:59.0160 4436 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:11:59.0162 4436 MegaSR - ok
17:11:59.0263 4436 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:11:59.0264 4436 Modem - ok
17:11:59.0282 4436 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:11:59.0282 4436 monitor - ok
17:11:59.0397 4436 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:11:59.0397 4436 mouclass - ok
17:11:59.0451 4436 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:11:59.0451 4436 mouhid - ok
17:11:59.0494 4436 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:11:59.0495 4436 mountmgr - ok
17:11:59.0546 4436 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:11:59.0547 4436 mpio - ok
17:11:59.0556 4436 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:11:59.0558 4436 mpsdrv - ok
17:11:59.0629 4436 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
17:11:59.0630 4436 MRxDAV - ok
17:11:59.0696 4436 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:11:59.0697 4436 mrxsmb - ok
17:11:59.0748 4436 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:11:59.0750 4436 mrxsmb10 - ok
17:11:59.0780 4436 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:11:59.0781 4436 mrxsmb20 - ok
17:11:59.0833 4436 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
17:11:59.0834 4436 msahci - ok
17:11:59.0895 4436 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
17:11:59.0896 4436 msdsm - ok
17:11:59.0937 4436 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:11:59.0938 4436 Msfs - ok
17:11:59.0947 4436 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:11:59.0947 4436 mshidkmdf - ok
17:11:59.0983 4436 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
17:11:59.0983 4436 msisadrv - ok
17:12:00.0033 4436 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:12:00.0034 4436 MSKSSRV - ok
17:12:00.0045 4436 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:12:00.0046 4436 MSPCLOCK - ok
17:12:00.0058 4436 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:12:00.0058 4436 MSPQM - ok
17:12:00.0070 4436 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:12:00.0072 4436 MsRPC - ok
17:12:00.0102 4436 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
17:12:00.0102 4436 mssmbios - ok
17:12:00.0112 4436 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:12:00.0113 4436 MSTEE - ok
17:12:00.0123 4436 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:12:00.0124 4436 MTConfig - ok
17:12:00.0161 4436 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:12:00.0162 4436 Mup - ok
17:12:00.0215 4436 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:12:00.0217 4436 NativeWifiP - ok
17:12:00.0391 4436 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
17:12:00.0397 4436 NDIS - ok
17:12:00.0448 4436 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:12:00.0449 4436 NdisCap - ok
17:12:00.0466 4436 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:12:00.0467 4436 NdisTapi - ok
17:12:00.0509 4436 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
17:12:00.0509 4436 Ndisuio - ok
17:12:00.0544 4436 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
17:12:00.0545 4436 NdisWan - ok
17:12:00.0581 4436 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
17:12:00.0582 4436 NDProxy - ok
17:12:00.0744 4436 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:12:00.0744 4436 NetBIOS - ok
17:12:00.0784 4436 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:12:00.0786 4436 NetBT - ok
17:12:01.0038 4436 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
17:12:01.0224 4436 NETw5s32 - ok
17:12:01.0441 4436 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
17:12:01.0536 4436 netw5v32 - ok
17:12:01.0634 4436 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:12:01.0635 4436 nfrd960 - ok
17:12:01.0664 4436 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:12:01.0665 4436 Npfs - ok
17:12:01.0678 4436 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:12:01.0679 4436 nsiproxy - ok
17:12:01.0751 4436 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
17:12:01.0759 4436 Ntfs - ok
17:12:01.0800 4436 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:12:01.0801 4436 Null - ok
17:12:01.0862 4436 NVHDA (8571011b62ce0207fa1dc95d88308f1d) C:\Windows\system32\drivers\nvhda32v.sys
17:12:01.0863 4436 NVHDA - ok
17:12:02.0155 4436 nvlddmkm (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:12:02.0247 4436 nvlddmkm - ok
17:12:02.0298 4436 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
17:12:02.0299 4436 nvraid - ok
17:12:02.0321 4436 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
17:12:02.0323 4436 nvstor - ok
17:12:02.0372 4436 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:12:02.0373 4436 nv_agp - ok
17:12:02.0437 4436 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:12:02.0438 4436 ohci1394 - ok
17:12:02.0532 4436 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:12:02.0533 4436 Parport - ok
17:12:02.0572 4436 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
17:12:02.0573 4436 partmgr - ok
17:12:02.0585 4436 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:12:02.0586 4436 Parvdm - ok
17:12:02.0641 4436 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
17:12:02.0642 4436 pci - ok
17:12:02.0703 4436 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:12:02.0704 4436 pciide - ok
17:12:02.0756 4436 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:12:02.0757 4436 pcmcia - ok
17:12:02.0767 4436 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:12:02.0768 4436 pcw - ok
17:12:02.0787 4436 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:12:02.0791 4436 PEAUTH - ok
17:12:02.0866 4436 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:12:02.0867 4436 PptpMiniport - ok
17:12:02.0888 4436 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:12:02.0889 4436 Processor - ok
17:12:03.0007 4436 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:12:03.0008 4436 Psched - ok
17:12:03.0055 4436 PVUSB (72289d214b581981a860b0f9fb61e9c8) C:\Windows\system32\DRIVERS\CESG502.sys
17:12:03.0055 4436 PVUSB - ok
17:12:03.0109 4436 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:12:03.0118 4436 ql2300 - ok
17:12:03.0128 4436 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:12:03.0130 4436 ql40xx - ok
17:12:03.0157 4436 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:12:03.0158 4436 QWAVEdrv - ok
17:12:03.0176 4436 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:12:03.0176 4436 RasAcd - ok
17:12:03.0216 4436 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:12:03.0217 4436 RasAgileVpn - ok
17:12:03.0251 4436 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:12:03.0252 4436 Rasl2tp - ok
17:12:03.0375 4436 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:12:03.0376 4436 RasPppoe - ok
17:12:03.0387 4436 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:12:03.0388 4436 RasSstp - ok
17:12:03.0437 4436 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:12:03.0439 4436 rdbss - ok
17:12:03.0448 4436 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:12:03.0449 4436 rdpbus - ok
17:12:03.0481 4436 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:12:03.0481 4436 RDPCDD - ok
17:12:03.0524 4436 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
17:12:03.0526 4436 RDPDR - ok
17:12:03.0575 4436 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:12:03.0576 4436 RDPENCDD - ok
17:12:03.0598 4436 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:12:03.0599 4436 RDPREFMP - ok
17:12:03.0653 4436 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
17:12:03.0655 4436 RDPWD - ok
17:12:03.0689 4436 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:12:03.0690 4436 rdyboost - ok
17:12:03.0874 4436 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:12:03.0875 4436 rspndr - ok
17:12:03.0926 4436 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
17:12:03.0927 4436 RTL8167 - ok
17:12:03.0983 4436 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
17:12:03.0984 4436 s3cap - ok
17:12:04.0160 4436 SAVOnAccess (ae668d3f43fc90bc17f62e08ff82a446) C:\Windows\system32\DRIVERS\savonaccess.sys
17:12:04.0161 4436 SAVOnAccess - ok
17:12:04.0324 4436 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
17:12:04.0325 4436 sbp2port - ok
17:12:04.0363 4436 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:12:04.0364 4436 scfilter - ok
17:12:04.0440 4436 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
17:12:04.0441 4436 sdbus - ok
17:12:04.0491 4436 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:12:04.0492 4436 secdrv - ok
17:12:04.0523 4436 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:12:04.0524 4436 Serenum - ok
17:12:04.0537 4436 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:12:04.0538 4436 Serial - ok
17:12:04.0583 4436 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:12:04.0583 4436 sermouse - ok
17:12:04.0641 4436 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:12:04.0642 4436 sffdisk - ok
17:12:04.0661 4436 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:12:04.0662 4436 sffp_mmc - ok
17:12:04.0671 4436 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
17:12:04.0672 4436 sffp_sd - ok
17:12:04.0683 4436 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:12:04.0684 4436 sfloppy - ok
17:12:04.0739 4436 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:12:04.0740 4436 sisagp - ok
17:12:04.0766 4436 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:12:04.0766 4436 SiSRaid2 - ok
17:12:04.0779 4436 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:12:04.0780 4436 SiSRaid4 - ok
17:12:04.0806 4436 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:12:04.0807 4436 Smb - ok
17:12:04.0946 4436 SophosBootDriver (f2b7bd04146b3e6a895a1919e1f5da89) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
17:12:04.0947 4436 SophosBootDriver - ok
17:12:04.0981 4436 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:12:04.0982 4436 spldr - ok
17:12:05.0157 4436 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
17:12:05.0157 4436 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
17:12:05.0178 4436 sptd ( LockedFile.Multi.Generic ) - warning
17:12:05.0178 4436 sptd - detected LockedFile.Multi.Generic (1)
17:12:05.0233 4436 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:12:05.0236 4436 srv - ok
17:12:05.0295 4436 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:12:05.0298 4436 srv2 - ok
17:12:05.0358 4436 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:12:05.0359 4436 srvnet - ok
17:12:05.0437 4436 ssm_bus (df5c19f053eff7f8ba25d73aea899656) C:\Windows\system32\DRIVERS\ssm_bus.sys
17:12:05.0438 4436 ssm_bus - ok
17:12:05.0454 4436 ssm_mdfl (5347169fa449eabc4d0728ae39fab926) C:\Windows\system32\DRIVERS\ssm_mdfl.sys
17:12:05.0455 4436 ssm_mdfl - ok
17:12:05.0473 4436 ssm_mdm (7aae23dd105eed15c4f45fc269fa42a9) C:\Windows\system32\DRIVERS\ssm_mdm.sys
17:12:05.0475 4436 ssm_mdm - ok
17:12:05.0536 4436 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:12:05.0537 4436 stexstor - ok
17:12:05.0620 4436 STHDA (dadb74bf26766757dbba9c5912969ebf) C:\Windows\system32\DRIVERS\stwrt.sys
17:12:05.0623 4436 STHDA - ok
17:12:05.0682 4436 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
17:12:05.0683 4436 storflt - ok
17:12:05.0711 4436 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
17:12:05.0712 4436 storvsc - ok
17:12:05.0760 4436 swenum
(e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 17:12:05.0761 4436 swenum - ok 17:12:05.0939 4436 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys 17:12:05.0941 4436 SynTP - ok 17:12:05.0987 4436 tap0901 (5c7c939bbd03784fe58c80578d065cc9) C:\Windows\system32\DRIVERS\tap0901.sys 17:12:05.0988 4436 tap0901 - ok 17:12:06.0061 4436 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 17:12:06.0069 4436 Tcpip - ok 17:12:06.0117 4436 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 17:12:06.0126 4436 TCPIP6 - ok 17:12:06.0165 4436 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 17:12:06.0166 4436 tcpipreg - ok 17:12:06.0200 4436 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 17:12:06.0201 4436 TDPIPE - ok 17:12:06.0224 4436 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 17:12:06.0224 4436 TDTCP - ok 17:12:06.0260 4436 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 17:12:06.0261 4436 tdx - ok 17:12:06.0306 4436 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 17:12:06.0307 4436 TermDD - ok 17:12:06.0394 4436 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:12:06.0395 4436 tssecsrv - ok 17:12:06.0481 4436 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 17:12:06.0482 4436 TsUsbFlt - ok 17:12:06.0564 4436 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 17:12:06.0565 4436 tunnel - ok 17:12:06.0606 4436 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 17:12:06.0607 4436 uagp35 - ok 17:12:06.0656 4436 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 17:12:06.0658 4436 udfs - ok 17:12:06.0721 4436 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) 
C:\Windows\system32\drivers\uliagpkx.sys 17:12:06.0722 4436 uliagpkx - ok 17:12:06.0777 4436 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 17:12:06.0778 4436 umbus - ok 17:12:06.0816 4436 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 17:12:06.0817 4436 UmPass - ok 17:12:06.0865 4436 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 17:12:06.0866 4436 usbccgp - ok 17:12:06.0926 4436 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 17:12:06.0927 4436 usbcir - ok 17:12:06.0978 4436 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys 17:12:06.0978 4436 usbehci - ok 17:12:07.0041 4436 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 17:12:07.0043 4436 usbhub - ok 17:12:07.0090 4436 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 17:12:07.0091 4436 usbohci - ok 17:12:07.0137 4436 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 17:12:07.0138 4436 usbprint - ok 17:12:07.0171 4436 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 17:12:07.0172 4436 usbscan - ok 17:12:07.0229 4436 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:12:07.0230 4436 USBSTOR - ok 17:12:07.0282 4436 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys 17:12:07.0283 4436 usbuhci - ok 17:12:07.0361 4436 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 17:12:07.0362 4436 usbvideo - ok 17:12:07.0420 4436 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 17:12:07.0421 4436 vdrvroot - ok 17:12:07.0477 4436 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 17:12:07.0478 4436 vga - ok 17:12:07.0488 4436 VgaSave (8e38096ad5c8570a6f1570a61e251561) 
C:\Windows\System32\drivers\vga.sys 17:12:07.0489 4436 VgaSave - ok 17:12:07.0561 4436 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 17:12:07.0562 4436 vhdmp - ok 17:12:07.0623 4436 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 17:12:07.0624 4436 viaagp - ok 17:12:07.0661 4436 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 17:12:07.0662 4436 ViaC7 - ok 17:12:07.0690 4436 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 17:12:07.0691 4436 viaide - ok 17:12:07.0747 4436 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 17:12:07.0749 4436 vmbus - ok 17:12:07.0794 4436 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 17:12:07.0795 4436 VMBusHID - ok 17:12:07.0813 4436 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 17:12:07.0814 4436 volmgr - ok 17:12:07.0861 4436 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 17:12:07.0863 4436 volmgrx - ok 17:12:07.0905 4436 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 17:12:07.0907 4436 volsnap - ok 17:12:08.0019 4436 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 17:12:08.0020 4436 vsmraid - ok 17:12:08.0032 4436 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 17:12:08.0033 4436 vwifibus - ok 17:12:08.0060 4436 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 17:12:08.0061 4436 vwififlt - ok 17:12:08.0174 4436 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 17:12:08.0175 4436 vwifimp - ok 17:12:08.0190 4436 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 17:12:08.0191 4436 WacomPen - ok 17:12:08.0279 4436 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) 
C:\Windows\system32\DRIVERS\wanarp.sys 17:12:08.0280 4436 WANARP - ok 17:12:08.0290 4436 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 17:12:08.0291 4436 Wanarpv6 - ok 17:12:08.0379 4436 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 17:12:08.0380 4436 Wd - ok 17:12:08.0399 4436 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 17:12:08.0402 4436 Wdf01000 - ok 17:12:08.0443 4436 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 17:12:08.0444 4436 WfpLwf - ok 17:12:08.0456 4436 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 17:12:08.0457 4436 WIMMount - ok 17:12:08.0630 4436 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 17:12:08.0631 4436 WINUSB - ok 17:12:08.0712 4436 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 17:12:08.0713 4436 WmiAcpi - ok 17:12:08.0775 4436 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 17:12:08.0776 4436 ws2ifsl - ok 17:12:08.0898 4436 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 17:12:08.0899 4436 WudfPf - ok 17:12:09.0125 4436 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:12:09.0127 4436 WUDFRd - ok 17:12:09.0201 4436 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 17:12:09.0214 4436 \Device\Harddisk0\DR0 - ok 17:12:09.0218 4436 Boot (0x1200) (b56530f684c172e4a4f3ec79e25cabdc) \Device\Harddisk0\DR0\Partition0 17:12:09.0219 4436 \Device\Harddisk0\DR0\Partition0 - ok 17:12:09.0235 4436 Boot (0x1200) (1206dd90ebd5004427c0e23566c838a2) \Device\Harddisk0\DR0\Partition1 17:12:09.0236 4436 \Device\Harddisk0\DR0\Partition1 - ok 17:12:09.0236 4436 ============================================================ 17:12:09.0236 4436 Scan finished 17:12:09.0236 4436 
============================================================
17:12:09.0253 3056 Detected object count: 1
17:12:09.0253 3056 Actual detected object count: 1
17:14:01.0603 3056 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
17:14:01.0617 3056 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
17:14:01.0644 3056 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
17:14:01.0644 3056 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
17:14:51.0163 5808 Deinitialize success |
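An added example (not part of this thread and not Kaspersky's tool): a small Python triage of the TDSSKiller output above. The only object the scan reports is sptd.sys, and the verdict is LockedFile.Multi.Generic following a "Suspicious file (NoAccess)" line, which means TDSSKiller could not open the file, not that it matched a rootkit signature. sptd.sys is the SCSI Pass Through Direct driver installed by DAEMON Tools and Alcohol 120%; it is locked against being read while loaded, so this warning is routine. Deleting it (the action chosen here) removes that driver and breaks those programs, but it does nothing about the Sophos findings in the Java cache or in AppData\Roaming\5051. The script keeps such access heuristics apart from real signature hits so the two are not confused when reading a long log. The sample lines are copied from the log above; the regular expressions and the HEURISTIC_VERDICTS set are assumptions of this example.

```python
"""Triage of a TDSSKiller log: which hits are signature detections and which
are only 'could not read the file' heuristics.

Added example, not part of the thread and not part of TDSSKiller. It assumes
the line layout visible in the log above:
  <time> <pid> <name> (<md5>) <path>
  <time> <pid> <name> - ok | - warning | - detected <verdict> (<n>)
  <time> <pid> Suspicious file (<reason>): <path>. md5: <md5>
  <time> <pid> <name> ( <verdict> ) - User select action: <action>
"""
import re

ENTRY_RE = re.compile(
    r"^(?P<time>\S+) (?P<pid>\d+) (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(
    r"^(?P<time>\S+) (?P<pid>\d+) (?P<name>.+?)(?: \( (?P<verdict>\S+) \))? - "
    r"(?P<status>ok|warning|detected .+|User select action: .+)$")
NOACCESS_RE = re.compile(
    r"^(?P<time>\S+) (?P<pid>\d+) Suspicious file \((?P<reason>\w+)\): "
    r"(?P<path>.+)\. md5: [0-9a-f]{32}$")
COUNT_RE = re.compile(r"^\S+ \d+ Detected object count: (?P<count>\d+)$")

# Verdicts TDSSKiller gives when it merely could not open a file, as opposed to a
# rootkit signature match (assumption; only the verdict seen in the log is listed).
HEURISTIC_VERDICTS = {"LockedFile.Multi.Generic"}
RANK = {None: 0, "ok": 1, "warning": 2, "detected": 3}   # 'ok' never overrides a warning

# Sample lines copied from the TDSSKiller log above.
SAMPLE_LOG = r"""
17:12:03.0251 4436 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:12:03.0252 4436 Rasl2tp - ok
17:12:05.0157 4436 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
17:12:05.0157 4436 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
17:12:05.0178 4436 sptd ( LockedFile.Multi.Generic ) - warning
17:12:05.0178 4436 sptd - detected LockedFile.Multi.Generic (1)
17:12:05.0233 4436 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:12:05.0236 4436 srv - ok
17:12:09.0201 4436 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:12:09.0214 4436 \Device\Harddisk0\DR0 - ok
17:12:09.0253 3056 Detected object count: 1
17:14:01.0644 3056 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
"""


def _new_entry(md5=None, path=None):
    return {"md5": md5, "path": path, "status": None, "verdict": None,
            "access": None, "action": None}


def triage(log_text):
    """Parse the log; return per-entry results and the heuristic/signature split."""
    entries, by_path, detected_count = {}, {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = NOACCESS_RE.match(line)
        if m:                                   # remember why the file could not be read
            name = by_path.get(m["path"])
            if name:
                entries[name]["access"] = m["reason"]
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = _new_entry(m["md5"], m["path"])
            by_path[m["path"]] = m["name"]
            continue
        m = STATUS_RE.match(line)
        if m:
            # MBR/boot-sector status lines name the device, not the entry
            name = by_path.get(m["name"], m["name"])
            entry = entries.setdefault(name, _new_entry())
            status = m["status"]
            if status.startswith("User select action: "):
                entry["action"] = status.split(": ", 1)[1]
            elif status.startswith("detected "):
                entry["status"] = "detected"
                entry["verdict"] = status[len("detected "):].rsplit(" (", 1)[0]
            elif RANK[status] >= RANK[entry["status"]]:
                entry["status"] = status
            if m["verdict"] and not entry["verdict"]:
                entry["verdict"] = m["verdict"]
            continue
        m = COUNT_RE.match(line)
        if m:
            detected_count = int(m["count"])
    detected = {n: e for n, e in entries.items() if e["status"] == "detected"}
    heuristic = sorted(n for n, e in detected.items() if e["verdict"] in HEURISTIC_VERDICTS)
    signature = sorted(n for n, e in detected.items() if e["verdict"] not in HEURISTIC_VERDICTS)
    return {"entries": entries, "detected_count": detected_count,
            "heuristic": heuristic, "signature": signature}


def report(result):
    """One line per hit, labelled so a lock warning is not read as a rootkit find."""
    lines = [f"detected objects (tool count): {result['detected_count']}"]
    for name in result["signature"]:
        e = result["entries"][name]
        lines.append(f"SIGNATURE  {name}: {e['verdict']} at {e['path']} action={e['action']}")
    for name in result["heuristic"]:
        e = result["entries"][name]
        lines.append(f"HEURISTIC  {name}: {e['verdict']} (file access: {e['access']}) "
                     f"at {e['path']} action={e['action']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it as-is and the only line under the count is the HEURISTIC one for sptd; a real rootkit hit (for example a patched atapi.sys or a hidden service) would show up under SIGNATURE, and that is the kind of entry that justifies a delete.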
02.12.2011, 17:35 | #12 |
| After a reboot my Sophos antivirus program still warns me: Type: Virus/Spyware Name: Mal/Generic-S Details: C:\Users\Vincenzo\AppData\Roaming\5051\components\AcroFF051.dll |
02.12.2011, 22:30 | #13 |
| Hi, Hochschule Esslingen, correct? Please post a new OTL log, we're getting closer... chris For me: FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Vincenzo\AppData\Roaming\5051 [2011.11.28 20:40:45 | 000,000,000 | ---D | M]
|
02.12.2011, 22:35 | #14 |
| Yes, correct. How did you find that out??? OTL is running again right now. |
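As an added example (not part of this thread and not OTL's own code), here is how the two things chris pulled out of the OTL log can be checked mechanically. Firefox reads HKLM and HKCU\Software\Mozilla\Firefox\Extensions, where each value maps an extension ID to an install folder; the mechanism is meant for extensions installed by software under Program Files. A per-user value pointing into AppData\Roaming\5051 (a folder named only by a number, listed further down in the log as an extension called "Java String Helper" with no company name, and holding the components\AcroFF051.dll that Sophos keeps flagging) is what stands out. An extension registered this way is loaded every time Firefox starts, and in Firefox versions of that era an extension could ship a binary component DLL that is loaded into the firefox.exe process, which fits an alert appearing right after each Firefox start; removing the DLL alone leaves the registry value and the folder in place. The O17 lines are the DHCP-assigned DNS servers per interface: 192.168.2.1 is a private home-router address, 134.108.34.5 and .6 are public addresses, and a whois lookup on such addresses names the organisation that owns the block, which is presumably how chris identified the university. The sample lines are copied from the OTL log in this thread; the regular expressions, the USER_WRITABLE markers and the flag names are assumptions of this example.

```python
"""Triage of an OTL log: registry-registered Firefox extensions, and the DHCP
DNS servers that reveal which network the machine was on.

Added example; not part of the thread and not part of OTL. The regular
expressions, USER_WRITABLE markers and flag names are this example's own.
"""
import ipaddress
import re

FF_EXT_RE = re.compile(
    r"^FF - (?P<hive>HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)"
    r"\\software\\mozilla\\Firefox\\Extensions\\\\(?P<ext_id>[^:]+): "
    r"(?P<path>.+?) \[(?P<mtime>[^|]+) \|")
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}))?: DhcpNameServer = (?P<servers>.+)$")

# Path fragments that mean 'writable by the user without admin rights' (assumption).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# Sample lines copied from the OTL log posted in this thread.
SAMPLE_OTL = r"""
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.16 20:22:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.09 16:11:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Vincenzo\AppData\Roaming\5051 [2011.11.28 20:40:45 | 000,000,000 | ---D | M]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6254A1D2-3EED-44D2-9F3C-21F2525BB591}: DhcpNameServer = 134.108.34.5 134.108.34.6
"""


def assess_extension(hive, ext_id, path):
    """Flags for one registry-registered extension. A registry entry is meant for
    software installed under Program Files; an entry pointing into the user's own
    writable area is the anomaly, the other two flags only add weight."""
    flags = []
    low = path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        flags.append("user_writable")
    leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
    if leaf.isdigit():                     # '5051' instead of a product or add-on name
        flags.append("numeric_name")
    if hive == "HKEY_CURRENT_USER":        # needs no admin rights to create
        flags.append("per_user")
    return flags


def triage_otl(log_text):
    """Collect FF extension registrations and O17 DNS servers from OTL output."""
    extensions, dns = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FF_EXT_RE.match(line)
        if m:
            flags = assess_extension(m["hive"], m["ext_id"], m["path"])
            extensions.append({"id": m["ext_id"], "hive": m["hive"], "path": m["path"],
                               "mtime": m["mtime"], "flags": flags,
                               "suspicious": "user_writable" in flags})
            continue
        m = O17_RE.match(line)
        if m:
            servers = list(dict.fromkeys(m["servers"].split()))   # dedupe, keep order
            public = [s for s in servers if not ipaddress.ip_address(s).is_private]
            dns.append({"interface": m["iface"] or "global",
                        "servers": servers, "public": public})
    return {"extensions": extensions, "dns": dns}


def report(result):
    """Human-readable summary; public DNS servers are the lead for a whois lookup."""
    out = []
    for e in result["extensions"]:
        tag = "SUSPECT" if e["suspicious"] else "ok     "
        out.append(f"{tag} {e['hive']} {e['id']} -> {e['path']} "
                   f"[{', '.join(e['flags']) or '-'}] modified {e['mtime']}")
    for d in result["dns"]:
        note = "public, whois names the network owner" if d["public"] else "private"
        out.append(f"DNS {d['interface']}: {' '.join(d['servers'])} ({note})")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage_otl(SAMPLE_OTL)))
```

The modification time OTL prints for the folder (2011.11.28 20:40:45) is worth keeping in the report: it is the point on the timeline to compare against the Java cache entries Sophos flagged, since a drive-by through an old Java plug-in and a new per-user extension appearing the same day is the usual shape of this kind of infection.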
02.12.2011, 22:47 | #15 |
| OTL new OTL Logfile:
OTL logfile created on: 02.12.2011 22:33:37 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Vincenzo\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 27,41% Memory free
5,99 Gb Paging File | 4,20 Gb Available in Paging File | 70,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 337,11 Gb Free Space | 72,39% Space Free | Partition Type: NTFS
Computer Name: VINCENZO-PC | User Name: Vincenzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Vincenzo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Vincenzo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc) PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc) PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) PRC - C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc) PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc) PRC - C:\Programme\Windows Live\Mail\wlmail.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - c:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) 
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation) PRC - c:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG) PRC - c:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG) PRC - c:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG) PRC - c:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG) PRC - c:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG) PRC - c:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll () ========== Win32 Services (SafeList) ========== SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (swi_service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc) SRV - (SAVAdminService) 
-- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc) SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe () SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation) SRV - (LcSvrAdm) -- c:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG) SRV - (LcSvrHis) -- c:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG) SRV - (LcSvrSaz) -- c:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG) SRV - (LcSvrAuf) -- c:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG) SRV - (LcSvrPAS) -- c:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG) SRV - (LcSvrDba) -- c:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys 
(Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc) DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard) DRV - (iscFlash) -- C:\swsetup\sp45138\iscflash.sys (Insyde Software) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM) DRV - (PVUSB) -- C:\Windows\System32\drivers\CESG502.sys (Hitachi Semiconductor and Devices Sales Co.,Ltd.) 
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI) DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI) DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 77 EB E3 D1 AA CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..network.proxy.no_proxies_on: "local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.16 20:22:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.16 20:22:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.09 16:11:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.30 14:16:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.30 14:16:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.09 16:11:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Vincenzo\AppData\Roaming\5051 [2011.11.28 20:40:45 | 000,000,000 | ---D | M] 
[2011.09.16 16:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Extensions [2009.12.21 21:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.28 19:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Firefox\Profiles\0sn3yrha.default\extensions [2011.11.12 18:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.28 20:40:45 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\VINCENZO\APPDATA\ROAMING\5051 () (No name found) -- C:\USERS\VINCENZO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0SN3YRHA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.11 20:04:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.10.06 20:01:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.06 20:01:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.06 20:01:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.06 20:01:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.06 20:01:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.06 20:01:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web 
Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) 
O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Vincenzo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6254A1D2-3EED-44D2-9F3C-21F2525BB591}: DhcpNameServer = 134.108.34.5 134.108.34.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A8C7BF2-C42F-4BD7-852F-7AC3AD549007}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{625edd1c-ff76-11df-9d92-001e68f7211d}\Shell - "" = AutoRun
O33 - MountPoints2\{625edd1c-ff76-11df-9d92-001e68f7211d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.02 16:53:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Vincenzo\Desktop\OTL.exe
[2011.12.01 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Malwarebytes
[2011.12.01 20:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.01 20:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.01 20:54:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.01 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.01 13:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.01 13:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.01 12:42:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011.12.01 12:42:05 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\PackageAware
[2011.11.28 20:40:42 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5051
[2011.11.27 16:22:38 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\PDF24
[2011.11.25 21:46:12 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5050
[2011.11.24 18:58:51 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5049
[2011.11.24 18:58:29 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\xmldm
[2011.11.24 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\kock
[2011.11.24 12:33:42 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Vincenzo\Desktop\TDSSKiller.exe
[2011.11.17 22:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.17 18:41:25 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\A_Klasse
[2011.11.16 20:25:24 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\Axialis
[2011.11.09 17:34:03 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.12.20 00:27:03 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009.12.20 00:27:03 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009.12.20 00:27:03 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009.12.20 00:27:03 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009.12.20 00:27:03 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Vincenzo\AppData\Roaming\*.tmp files -> C:\Users\Vincenzo\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.02 22:39:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.02 17:33:43 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 17:33:43 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 17:26:45 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.02 17:26:29 | 000,000,984 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011.12.02 17:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.02 17:25:25 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.02 17:03:08 | 001,547,774 | ---- | M] () -- C:\Users\Vincenzo\Desktop\tdsskiller.zip
[2011.12.02 16:53:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vincenzo\Desktop\OTL.exe
[2011.12.01 22:53:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.01 19:34:02 | 000,000,480 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Vincenzo.job
[2011.12.01 13:16:01 | 003,690,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.01 13:12:04 | 000,000,036 | ---- | M] () -- C:\Users\Vincenzo\AppData\Roaming\blckdom.res
[2011.12.01 13:03:12 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.27 10:03:59 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.27 10:03:59 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.27 10:03:59 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.27 10:03:59 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.24 12:33:42 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Vincenzo\Desktop\TDSSKiller.exe
[2011.11.21 12:27:13 | 000,579,494 | ---- | M] () -- C:\Users\Vincenzo\Desktop\Deutschland testet.pdf
[2011.11.15 20:50:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.13 19:20:47 | 000,620,234 | ---- | M] () -- C:\Users\Vincenzo\SHARK.INI
[2011.11.08 16:17:05 | 006,028,664 | ---- | M] () -- C:\Users\Vincenzo\Desktop\GT-I9100_UM_Open_Ger_D04_110501-1.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Vincenzo\AppData\Roaming\*.tmp files -> C:\Users\Vincenzo\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.02 17:02:52 | 001,547,774 | ---- | C] () -- C:\Users\Vincenzo\Desktop\tdsskiller.zip
[2011.12.01 22:53:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.01 13:03:12 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.28 15:15:08 | 000,000,036 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\blckdom.res
[2011.11.21 12:27:13 | 000,579,494 | ---- | C] () -- C:\Users\Vincenzo\Desktop\Deutschland testet.pdf
[2011.11.08 16:17:04 | 006,028,664 | ---- | C] () -- C:\Users\Vincenzo\Desktop\GT-I9100_UM_Open_Ger_D04_110501-1.pdf
[2011.10.09 16:07:42 | 000,180,988 | ---- | C] () -- C:\Windows\hpoins13.dat.temp
[2011.10.09 16:07:42 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat.temp
[2011.05.18 17:58:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.17 20:34:45 | 000,007,602 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\Resmon.ResmonCfg
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.05 18:34:42 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini
[2011.01.10 13:25:34 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.11.30 14:13:23 | 000,000,616 | ---- | C] () -- C:\Windows\System32\NTS5CSET.INI
[2010.06.15 16:16:35 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.14 16:54:23 | 000,000,096 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\fusioncache.dat
[2009.12.24 22:11:33 | 000,005,120 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.24 21:34:53 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll
[2009.12.24 20:19:39 | 000,181,013 | ---- | C] () -- C:\Windows\hpoins13.dat
[2009.12.24 20:19:39 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2009.12.20 00:26:20 | 000,000,984 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009.12.19 23:50:49 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.14 09:47:43 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 003,690,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
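A triage pass over the persistence-related entries of an OTL log like the one above, as an added example for this thread (it is not code from Vincenzo's post and not part of OTL). It parses OTL's `Onn - ` entries and the `[stamp | size | attrs | C/M] (Company) -- path` file-list lines and surfaces the items a helper would check by hand here: AppInit_DLLs (loaded into every user-mode process), a non-default Winlogon Shell or UserInit value, a non-default exefile/comfile open command, a MountPoints2 AutoRun command for a removable drive, and AppData\Roaming folders with numeric or unknown names, which is where the recurring AcroFF051.dll sits. The sample copies a few lines from the log above plus two constructed lines (marked in the comment, not from the log) so the Winlogon and exefile rules are seen firing; the vendor allow-list and the rule names are assumptions for illustration.

```python
"""Triage of OTL (OldTimer) log lines for the persistence points worth checking by hand.

Added example for this thread; not code from the original post and not part of OTL.
The vendor allow-list, the rule names and the two "constructed" sample lines are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: entries copied from the OTL log above, plus the LAST TWO lines,
# which are constructed (not from the log) to show the Winlogon and exefile rules firing.
SAMPLE_LOG = r"""
O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Vincenzo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{625edd1c-ff76-11df-9d92-001e68f7211d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O35 - HKLM\..exefile [open] -- "%1" %*
[2011.11.28 20:40:42 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5051
[2011.11.24 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\kock
[2011.11.28 15:15:08 | 000,000,036 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\blckdom.res
[2011.12.02 16:53:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vincenzo\Desktop\OTL.exe
O20 - HKLM Winlogon: Shell - (explorer.exe,C:\ProgramData\hijack.exe) -C:\ProgramData\hijack.exe ()
O35 - HKLM\..exefile [open] -- "C:\ProgramData\hijack.exe" "%1" %*
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name
    detail: str  # what was matched
    line: str    # the log line it came from


# "O20 - AppInit_DLLs: ..." -> (section number, rest of entry)
ENTRY_RE = re.compile(r"^O(\d+) - (.*)$")
# File-list entry: [stamp | size | attrs | C/M] (Company) -- path   (company part is optional)
FILE_RE = re.compile(r"^\[[^\]]*\]\s*(?:\((?P<company>[^)]*)\))?\s*--\s*(?P<path>.+?)\s*$")
# First path component under the roaming profile
ROAMING_RE = re.compile(r"\\AppData\\Roaming\\([^\\\s]+)", re.IGNORECASE)
WINLOGON_RE = re.compile(r"HKLM Winlogon: (\w+) - \(([^)]*)\)")

# Assumption: Roaming folders this log shows as ordinary vendor data.
ROAMING_ALLOWLIST = {"microsoft", "dropbox", "adobe", "mozilla", "malwarebytes", "macromedia", "sun"}
# Windows 7 defaults (UserInit is stored with a trailing comma, which OTL may or may not print).
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe"}
DEFAULT_OPEN_CMD = '"%1" %*'


def _check_roaming(text, line, out):
    """Flag numeric or unknown top-level names under AppData\\Roaming (each name once per line)."""
    for name in dict.fromkeys(m.group(1) for m in ROAMING_RE.finditer(text)):
        if name.isdigit():
            out.append(Finding("roaming_numeric_dir", name, line))
        elif name.lower() not in ROAMING_ALLOWLIST:
            out.append(Finding("roaming_unknown_name", name, line))


def triage(log_text):
    """Return the list of Findings for an OTL log (string). Findings are verify-by-hand items."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            section, rest = int(m.group(1)), m.group(2)
            if section == 20 and rest.startswith("AppInit_DLLs"):
                findings.append(Finding("appinit_dll", rest, line))
            elif section == 20 and "Winlogon" in rest:
                w = WINLOGON_RE.search(rest)
                if w:
                    key, value = w.group(1).lower(), w.group(2).lower().rstrip(",")
                    if key in WINLOGON_DEFAULTS and value != WINLOGON_DEFAULTS[key]:
                        findings.append(Finding("winlogon_nondefault", f"{key}={value}", line))
            elif section == 33 and "\\Shell\\AutoRun\\command" in rest:
                findings.append(Finding("mountpoint_autorun", rest.split("=", 1)[-1].strip(), line))
            elif section in (35, 37) and rest.rsplit("--", 1)[-1].strip() != DEFAULT_OPEN_CMD:
                findings.append(Finding("open_command_nondefault", rest, line))
            _check_roaming(rest, line, findings)  # O4/O20 entries can point into Roaming too
            continue
        f = FILE_RE.match(line)
        if f:
            _check_roaming(f.group("path"), line, findings)
    return findings


def summarize(findings):
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.detail}")
```

On this log the rules surface the numbered Roaming folders 5049, 5050 and 5051 (created 24, 25 and 28 Nov), xmldm, kock and blckdom.res, the two AppInit DLLs (Adobe and Sophos, both named vendors here) and the LaunchU3.exe autorun handler of a U3 USB stick; every hit is a verify-by-hand item, not a verdict, and a rule firing on a signed vendor DLL is the expected false positive that the allow-list does not cover on purpose.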