Log analysis and evaluation: Getting rid of the Phorpiex virus from Facebook, but how? (Windows 7)
11.12.2011, 14:59 | #1
Hello everyone, yesterday I got a link sent to me by a Facebook friend, which of course I clicked on right away, and since then many friends on my friends list have been sent a message with this link. On GuteFrage.net I already learned that it is the Phorpiex worm (hxxp://www.gutefrage.net/frage/facebook-virus-versendet-viren-automatisch-weiter-bitte-helft-mir). I was also told to download the program Malwarebytes and post the log data in this forum:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8351

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11.12.2011 14:30:50
mbam-log-2011-12-11 (14-30-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 767095
Laufzeit: 2 Stunde(n), 45 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
c:\Users\tom\2397-5973-7874-8623\winmgr.exe (Backdoor.IRCBot) -> 1072 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Manager (Backdoor.IRCBot) -> Value: Microsoft® Windows Manager -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\tom\2397-5973-7874-8623\winmgr.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\downloads\img05205805.jpg.scr (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Google\Chrome\user data\Default\Cache\f_000868 (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C10DZ0G1\f[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C10DZ0G1\b[1].exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C10DZ0G1\st[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\9750271.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\0340509.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\16538.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\2104002.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\3949066.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\msimg32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

What should I do now? Is the virus removed now? Thanks in advance,
TL
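As an added example (not from the thread, the poster or Malwarebytes), here is a small Python parser for the result section of the Malwarebytes log above. It pulls out each item, its detection label and the action taken, then groups the findings the way an analyst reads this kind of log: the HKCU Run-key value that would have relaunched the bot at every login, the double-extension download (.jpg.scr) that carried the lure, and executables sitting in user-writable locations (profile folder, Temp, browser caches). The indicator rules are the editor's own heuristics, not the scanner's; the log excerpt is constructed from the lines quoted in the post.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt of the Malwarebytes result lines quoted in the post above.
# Section headers are in German exactly as the tool prints them.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse:
c:\Users\tom\2397-5973-7874-8623\winmgr.exe (Backdoor.IRCBot) -> 1072 -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Manager (Backdoor.IRCBot) -> Value: Microsoft® Windows Manager -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\Users\tom\2397-5973-7874-8623\winmgr.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\downloads\img05205805.jpg.scr (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Google\Chrome\user data\Default\Cache\f_000868 (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C10DZ0G1\f[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C10DZ0G1\b[1].exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C10DZ0G1\st[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\9750271.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\0340509.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\16538.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\2104002.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\3949066.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\msimg32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One result line has the shape "<item> (<detection>) -> [<extra> -> ]<action>".
RESULT_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")

# Editor's heuristics (not Malwarebytes rules): a document/image extension followed by an
# executable one, and a path under a user profile, i.e. writable without admin rights.
DISGUISED_RE = re.compile(r"\.(jpe?g|png|gif|bmp|pdf|docx?|txt)\.(scr|exe|com|pif|bat)$", re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.IGNORECASE)


@dataclass
class Finding:
    item: str        # file path, registry value path or process image
    detection: str   # vendor label, e.g. Backdoor.IRCBot
    action: str      # what the scanner did with it
    kind: str        # "process", "registry" or "file"


def parse_mbam_log(text: str) -> List[Finding]:
    """Return one Finding per result line; section headers and '(Keine ...)' lines are skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if not m:
            continue
        item, detection, rest = m.group("item"), m.group("detection"), m.group("rest")
        action = rest.split(" -> ")[-1]          # last arrow segment is the action
        if item.upper().startswith("HKEY_"):
            kind = "registry"
        elif "process" in action.lower():        # "Unloaded process successfully."
            kind = "process"
        else:
            kind = "file"
        findings.append(Finding(item, detection, action, kind))
    return findings


def count_by_detection(findings: List[Finding]) -> Dict[str, int]:
    """How many hits each vendor label accounts for."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.detection] = counts.get(f.detection, 0) + 1
    return counts


def assess(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group findings into the indicators an analyst checks first."""
    report: Dict[str, List[str]] = {
        "persistence": [],              # autostart entries (Run keys)
        "disguised_extension": [],      # e.g. photo.jpg.scr
        "user_writable_executable": [], # binaries under C:\Users\<name>\...
    }
    for f in findings:
        if f.kind == "registry" and "\\currentversion\\run\\" in f.item.lower():
            report["persistence"].append(f.item)
        if f.kind == "file" and DISGUISED_RE.search(f.item):
            report["disguised_extension"].append(f.item)
        if (f.kind == "file" and USER_PROFILE_RE.match(f.item)
                and f.item.lower().endswith((".exe", ".scr", ".dll"))):
            report["user_writable_executable"].append(f.item)
    return report


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for label, n in sorted(count_by_detection(found).items()):
        print(f"{label}: {n}")
    for category, items in assess(found).items():
        for it in items:
            print(f"[{category}] {it}")
```

Run it against a saved mbam-log-*.txt by replacing SAMPLE_LOG with the file contents; the persistence list is the part to re-check after a reboot, since a Run value that survives the cleanup means the quarantined binary will be fetched again.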
12.12.2011, 14:40 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Please also run ESET; then we'll see further:

ESET Online Scanner
14.12.2011, 06:36 | #3
Hello cosius,

I have now run the ESET Online Scanner and it found one infected file. But I believe it is not the Phorpiex virus but some virus from the download site Softonic. Here is the log.exe:

Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=56b1ff17ec058a479105400ff87dd2dc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-13 10:14:39
# local_time=2011-12-13 11:14:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 4668 161324724 0 0
# compatibility_mode=8192 67108863 100 0 5520 5520 0 0
# scanned=597470
# found=1
# cleaned=0
# scan_time=22483
C:\Users\tom\Downloads\SoftonicDownloader_fuer_guitar-pro.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I

What should I do now? Is the Phorpiex virus removed now? How can I remove the infected file from Softonic now? Thanks in advance,
TL
14.12.2011, 11:45 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Custom scan with OTL

If you don't have it yet, please download OTL from OldTimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
14.12.2011, 14:15 | #5
Here is the OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 14.12.2011 13:50:24 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\tom\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 64,99% Memory free
6,72 Gb Paging File | 5,41 Gb Available in Paging File | 80,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 15,19 Gb Free Space | 2,64% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,96 Gb Free Space | 49,84% Space Free | Partition Type: FAT32
Drive H: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: TOM-PC | User Name: tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.14 13:48:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tom\Downloads\OTL.exe
PRC - [2011.09.08 18:30:10 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.09.08 18:29:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.09.08 12:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.03.09 15:57:23 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

========== Modules (No Company Name) ==========

MOD - [2011.09.08 17:51:22 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.09.08 12:53:30 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.09.08 12:41:26 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.06.21 12:20:28 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9e40949744b36534fe62cd64ddccb6a1\WindowsFormsIntegration.ni.dll
MOD - [2011.06.21 12:18:36 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1342e13a5f5613678d438405bed08ddd\UIAutomationProvider.ni.dll
MOD - [2011.06.16 16:09:46 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.06.16 16:09:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.06.16 16:09:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.06.16 16:08:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.16 16:07:47 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.16 16:07:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.16 16:07:16 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f4767076b1a225e440db402bbabf5a14\System.Core.ni.dll
MOD - [2011.06.16 16:07:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011.06.16 16:07:11 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011.06.16 16:06:49 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011.06.16 16:06:34 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011.06.16 16:06:31 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.16 16:06:17 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.03.09 15:57:23 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.12.08 15:32:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.09.08 18:29:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.09.08 12:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009.08.24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011.09.08 19:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.09.08 19:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.09.08 17:52:20 | 000,248,832 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.24 05:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2010.09.29 23:13:46 | 000,020,088 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.08.09 17:36:49 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.08.09 17:36:48 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.04.25 14:16:55 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.11.11 18:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.02.14 14:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.10.12 02:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007.09.21 09:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.01.12 19:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.07.10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.07.05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.songsterr.com/a/wa/song?trackPos=0&id=289
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\tom\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\tom\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\tom\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Users\tom\Desktop\Eigene Dateien\Programme\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\tom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23AB4A1C-4B88-494A-88A8-9B0AEC776514}: NameServer = 212.18.0.5 212.18.3.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFF00E59-0769-4D3F-A4D4-0839CE13F5AE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img26.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img26.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - H:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - H:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - H:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET
Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\System32\Adobe ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius 
Inc.) Drivers32: VIDC.FPS1 - frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.11 11:36:06 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Malwarebytes [2011.12.11 11:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.11 11:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.11 11:35:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.11 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.10 14:00:09 | 000,000,000 | RHSD | C] -- C:\Users\tom\2397-5973-7874-8623 [2011.12.09 14:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy [2011.12.09 14:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\simfy [2011.12.08 07:32:47 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Venetica [2011.12.06 17:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 [2011.12.06 17:44:14 | 000,000,000 | ---D | 
C] -- C:\Program Files\ANNO 1503 [2011.12.06 17:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica [2011.12.06 17:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Venetica [2011.12.06 16:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos [2011.12.03 11:40:02 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2011.11.27 10:55:19 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\BFBC2 [2011.11.20 19:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.19 12:38:20 | 000,000,000 | ---D | C] -- C:\Users\tom\Nehrim [2011.11.19 12:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nehrim - Am Rande des Schicksals [2011.11.19 12:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\SureAI [2011.11.16 16:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.14 13:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2011.12.14 13:45:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.14 13:40:46 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.14 13:39:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.14 13:39:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.14 13:39:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.14 13:39:41 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys [2011.12.14 06:23:22 | 000,001,112 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1362803966-707695060-1972178968-1000UA.job [2011.12.13 19:23:03 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1362803966-707695060-1972178968-1000Core.job [2011.12.12 17:42:15 | 000,140,496 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.12.12 17:42:05 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.12.12 17:40:34 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2011.12.11 15:02:32 | 000,004,330 | ---- | M] () -- C:\Users\tom\AppData\Roaming\wklnhst.dat [2011.12.11 11:36:00 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.06 17:48:55 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\ANNO 1503.lnk [2011.12.06 17:33:20 | 000,001,091 | ---- | M] () -- C:\Users\tom\Desktop\Batman Arkham Asylum.lnk [2011.12.06 17:32:01 | 000,001,904 | ---- | M] () -- C:\Users\tom\Desktop\Venetica.lnk [2011.12.06 16:17:39 | 000,000,930 | ---- | M] () -- C:\Users\tom\Desktop\World in Conflict.lnk [2011.12.04 12:57:52 | 000,071,168 | ---- | M] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.29 18:31:48 | 000,000,032 | ---- | M] () -- C:\Users\tom\.simfy [2011.11.29 16:29:15 | 000,138,056 | ---- | M] () -- C:\Users\tom\AppData\Roaming\PnkBstrK.sys [2011.11.29 16:28:49 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe [2011.11.28 13:54:32 | 000,681,026 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.28 13:54:32 | 000,631,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.28 13:54:32 | 000,146,068 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.28 13:54:32 | 000,120,424 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.26 12:01:02 | 000,000,215 | ---- | M] () -- C:\Users\tom\Desktop\Battlefield Bad Company 2.url [2011.11.26 11:55:23 | 000,000,216 | ---- | M] () -- C:\Users\tom\Desktop\Terraria.url [2011.11.23 
19:57:03 | 000,009,728 | ---- | M] () -- C:\Users\tom\Documents\Bewerbung321321321.wps [2011.11.23 14:26:48 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk [2011.11.21 14:24:11 | 000,002,036 | ---- | M] () -- C:\Users\tom\Desktop\Google Chrome.lnk [2011.11.20 19:48:38 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.20 19:21:02 | 000,009,728 | ---- | M] () -- C:\Users\tom\Documents\Bewerbung321321.wps [2011.11.20 19:13:02 | 000,009,728 | ---- | M] () -- C:\Users\tom\Documents\Bewerbung321.wps [2011.11.20 19:12:03 | 000,009,728 | ---- | M] () -- C:\Users\tom\Documents\Bewerbung.wps [2011.11.19 12:28:27 | 000,001,777 | ---- | M] () -- C:\Users\tom\Desktop\Nehrim - Am Rande des Schicksals.lnk [2011.11.16 16:43:09 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.11 11:36:00 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.06 17:48:55 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\ANNO 1503.lnk [2011.12.06 17:33:20 | 000,001,091 | ---- | C] () -- C:\Users\tom\Desktop\Batman Arkham Asylum.lnk [2011.12.06 17:32:01 | 000,001,904 | ---- | C] () -- C:\Users\tom\Desktop\Venetica.lnk [2011.12.06 16:17:39 | 000,000,930 | ---- | C] () -- C:\Users\tom\Desktop\World in Conflict.lnk [2011.11.29 18:31:48 | 000,000,032 | ---- | C] () -- C:\Users\tom\.simfy [2011.11.27 10:44:34 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2011.11.26 12:01:02 | 000,000,215 | ---- | C] () -- C:\Users\tom\Desktop\Battlefield Bad Company 2.url [2011.11.26 11:55:23 | 000,000,216 | ---- | C] () -- C:\Users\tom\Desktop\Terraria.url [2011.11.23 14:26:48 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk [2011.11.21 19:59:12 | 
000,009,728 | ---- | C] () -- C:\Users\tom\Documents\Bewerbung321321321.wps [2011.11.20 19:48:38 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.20 19:13:19 | 000,009,728 | ---- | C] () -- C:\Users\tom\Documents\Bewerbung321321.wps [2011.11.20 19:12:10 | 000,009,728 | ---- | C] () -- C:\Users\tom\Documents\Bewerbung321.wps [2011.11.19 12:28:27 | 000,001,777 | ---- | C] () -- C:\Users\tom\Desktop\Nehrim - Am Rande des Schicksals.lnk [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.08.26 15:34:14 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.07.30 14:28:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.10.24 10:56:10 | 000,001,853 | ---- | C] () -- C:\Windows\WINWORD6.INI [2010.10.24 10:56:06 | 000,000,096 | ---- | C] () -- C:\Windows\WINHELP.INI [2010.10.24 10:55:17 | 000,000,535 | ---- | C] () -- C:\Windows\MSTXTCNV.INI [2010.10.24 10:55:00 | 000,002,122 | ---- | C] () -- C:\Windows\MSFNTMAP.INI [2010.10.24 10:55:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI [2010.09.29 02:13:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2010.07.26 16:36:33 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe [2010.07.25 13:02:32 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.07.25 13:02:31 | 000,138,056 | ---- | C] () -- C:\Users\tom\AppData\Roaming\PnkBstrK.sys [2010.07.25 13:02:04 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.07.25 13:01:51 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2010.07.25 13:01:51 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.05.06 16:04:31 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2009.09.30 
15:36:04 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI [2009.08.09 17:36:48 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.08.09 17:36:48 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.06.28 15:17:45 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2009.06.28 15:17:44 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2009.04.30 15:28:03 | 000,002,032 | ---- | C] () -- C:\Users\tom\AppData\Local\d3d9caps.dat [2009.02.20 18:39:12 | 000,071,168 | ---- | C] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.20 17:30:08 | 000,004,330 | ---- | C] () -- C:\Users\tom\AppData\Roaming\wklnhst.dat [2008.12.18 12:31:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.12.10 15:31:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2008.12.10 14:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.12.01 21:08:38 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.11.24 18:37:33 | 000,681,026 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.11.24 18:37:33 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.11.24 18:37:33 | 000,146,068 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.11.24 18:37:33 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.11.24 10:42:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.11.24 10:42:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,351,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,631,792 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () 
-- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,120,424 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.01.14 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\.k3d [2011.06.14 12:46:11 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\.minecraft [2009.08.11 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Activision [2009.12.18 15:17:40 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ankh [2010.02.06 11:55:48 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ankh - Heart of Osiris [2009.06.03 09:23:45 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Armagetron [2010.04.07 12:35:16 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Atari [2010.11.28 18:38:37 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Blender Foundation [2010.12.26 09:59:19 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Dev-Cpp [2009.04.26 17:38:35 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Dreamlords [2011.02.13 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.07 13:16:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\flightgear.org [2009.09.03 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\FUEL Demo [2011.01.23 10:12:48 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Guitar Pro 6 [2010.07.08 16:39:13 | 000,000,000 | ---D | M] -- 
C:\Users\tom\AppData\Roaming\Imperium Romanum [2010.04.07 11:57:44 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Leadertech [2010.06.01 13:11:37 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\LEGO Company [2009.02.21 08:50:21 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\LEGO Media [2010.12.25 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Notepad++ [2011.10.20 13:49:47 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\OpenOffice.org [2011.11.17 18:24:35 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Origin [2010.10.16 19:27:55 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Phase6 [2010.02.16 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\ProtectDisc [2011.09.18 13:18:38 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Rovio [2010.02.08 16:16:36 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Silver Style Entertainment [2011.07.22 16:36:09 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Simfy [2010.11.03 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\smc [2010.12.26 10:10:39 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Splitscreen Studios [2009.03.16 15:51:17 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\SPORE [2010.05.04 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\streamripper [2010.11.05 11:24:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\supertuxkart [2009.05.22 18:17:29 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Template [2011.09.09 15:49:54 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Tropico 3 [2010.05.30 10:21:44 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ubisoft [2010.02.22 15:37:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Windows Live Writer [2011.10.15 08:28:49 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\XnView [2011.12.14 06:56:45 | 000,032,538 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT [2011.12.14 13:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.14 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\.k3d [2011.06.14 12:46:11 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\.minecraft [2009.08.11 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Activision [2011.07.22 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Adobe [2009.12.18 15:17:40 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ankh [2010.02.06 11:55:48 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ankh - Heart of Osiris [2010.02.27 12:34:05 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Apple Computer [2009.06.03 09:23:45 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Armagetron [2010.04.07 12:35:16 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Atari [2009.02.20 17:23:53 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\ATI [2010.02.18 16:43:31 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\AVS4YOU [2010.11.28 18:38:37 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Blender Foundation [2009.04.28 18:43:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Corel [2009.08.10 15:28:19 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\CyberLink [2010.12.26 09:59:19 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Dev-Cpp [2009.04.26 17:38:35 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Dreamlords [2011.02.13 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.07 13:16:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\flightgear.org [2009.09.03 16:04:54 | 000,000,000 
| ---D | M] -- C:\Users\tom\AppData\Roaming\FUEL Demo [2010.11.13 13:13:53 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Google [2011.01.23 10:12:48 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Guitar Pro 6 [2009.07.20 13:56:53 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Hamachi [2009.02.20 17:23:30 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Identities [2010.07.08 16:39:13 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Imperium Romanum [2010.12.30 09:57:14 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\InstallShield [2010.04.07 11:57:44 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Leadertech [2010.06.01 13:11:37 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\LEGO Company [2009.02.21 08:50:21 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\LEGO Media [2009.02.20 17:22:46 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Macromedia [2011.12.11 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Media Center Programs [2010.11.16 18:45:13 | 000,000,000 | --SD | M] -- C:\Users\tom\AppData\Roaming\Microsoft [2009.08.09 18:00:35 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Microsoft Games [2010.10.16 19:27:57 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Mozilla [2009.02.20 17:28:32 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Nero [2010.12.25 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Notepad++ [2011.10.20 13:49:47 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\OpenOffice.org [2011.11.17 18:24:35 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Origin [2010.10.16 19:27:55 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Phase6 [2010.02.16 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\ProtectDisc [2011.09.18 13:18:38 | 000,000,000 | ---D | 
M] -- C:\Users\tom\AppData\Roaming\Rovio [2009.02.27 10:04:17 | 000,000,000 | RH-D | M] -- C:\Users\tom\AppData\Roaming\SecuROM [2010.02.08 16:16:36 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Silver Style Entertainment [2011.07.22 16:36:09 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Simfy [2010.11.03 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\smc [2010.12.26 10:10:39 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Splitscreen Studios [2009.03.16 15:51:17 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\SPORE [2010.05.04 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\streamripper [2010.11.05 11:24:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\supertuxkart [2009.05.22 18:17:29 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Template [2011.09.09 15:49:54 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Tropico 3 [2010.05.30 10:21:44 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ubisoft [2010.05.05 13:47:03 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Winamp [2010.02.22 15:37:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Windows Live Writer [2011.10.15 08:28:49 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\XnView < %APPDATA%\*.exe /s > [2009.04.26 17:36:55 | 002,086,437 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Dreamlords\DreamlordsPatch_1.4.6.10185_to_1.4.7.10232.exe [2009.04.26 17:39:21 | 002,040,324 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Dreamlords\DreamlordsPatch_1.4.7.10232_to_1.4.8.10266.exe [2011.07.22 16:35:41 | 000,053,632 | ---- | M] (Adobe Systems Inc.) 
-- C:\Users\tom\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.09.06 11:33:21 | 000,010,134 | R--- | M] () -- C:\Users\tom\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe [2009.10.09 16:16:57 | 000,010,134 | R--- | M] () -- C:\Users\tom\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe [2009.07.08 13:15:19 | 000,010,134 | R--- | M] () -- C:\Users\tom\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.09.18 13:21:17 | 046,370,928 | ---- | M] (Rovio) -- C:\Users\tom\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_1.6.2.exe [2011.10.08 09:35:41 | 046,678,912 | ---- | M] (Rovio) -- C:\Users\tom\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_1.6.3.1.exe [2011.10.05 13:42:35 | 046,676,456 | ---- | M] (Rovio) -- C:\Users\tom\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_1.6.3.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] 
< End of report > What should I do now? |
14.12.2011, 15:16 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
MOD - [2011.03.09 15:57:23 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
[2011/03/19 09:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Uniblue
[2011/07/14 13:42:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.songsterr.com/a/wa/song?trackPos=0&id=289
O4 - HKLM..\Run: [WinampAgent] "C:\Users\tom\Desktop\Eigene Dateien\Programme\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - H:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - H:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - H:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
[2011.12.10 14:00:09 | 000,000,000 | RHSD | C] -- C:\Users\tom\2397-5973-7874-8623
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script has been created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
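A small triage script for OTL entries of the kind the fix script above removes, added here as an example; it is not part of OTL and not the helper's code. It parses the OTL line shapes used above (O4 Run entries, O33 MountPoints2 AutoRun commands, the O32 CD-ROM AutoRun value and bare "[timestamp | size | attributes | M/C] -- path" lines) and flags the same signs the fix targets: Run entries whose target is missing or carries no vendor information, AutoRun commands launched from a non-system drive, and hidden+system folders sitting directly in a user profile. All sample lines but the "Example" Run entry are copied from the script above; that one is constructed as a benign control.

```python
import re
from dataclasses import dataclass

# Sample OTL lines. All but the constructed "Example" Run entry are copied
# from the fix script above; "Example" is a benign control that must not be flagged.
SAMPLE_OTL_LINES = r"""
O4 - HKLM..\Run: [WinampAgent] "C:\Users\tom\Desktop\Eigene Dateien\Programme\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\Run: [Example] C:\Program Files\Example\example.exe (Example Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
[2011.12.10 14:00:09 | 000,000,000 | RHSD | C] -- C:\Users\tom\2397-5973-7874-8623
[2011/07/14 13:42:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
"""

# O4 - <hive>..\Run: [<value name>] <target> followed by (<vendor>), () or "File not found"
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = <command> -- [file details]
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = '
    r'(?P<cmd>.+?)(?: -- \[.*)?$')
# [<timestamp> | <size> | <attributes, e.g. RHSD> | M or C] -- <path>
FILE_RE = re.compile(
    r'^\[(?P<stamp>[\d./]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| '
    r'(?P<flag>[MC])\] -- (?P<path>.+)$')
CDROM_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$')
# A path exactly one level below a user profile root, e.g. C:\Users\tom\<name>
PROFILE_CHILD_RE = re.compile(
    r'^[A-Za-z]:\\(?:Users|Dokumente und Einstellungen)\\[^\\]+\\[^\\]+$')


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def triage(otl_lines):
    """Return the OTL entries worth a closer look, in input order."""
    findings = []
    for raw in otl_lines:
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            rest = m.group('rest')
            if rest.endswith('File not found'):
                findings.append(Finding(line, 'Run entry whose target file is missing'))
            elif rest.endswith('()'):
                # OTL prints () when the file carries no version/company info:
                # worth a look, not proof of anything on its own.
                findings.append(Finding(line, 'Run entry whose target has no embedded vendor information'))
            continue
        m = MOUNT_RE.match(line)
        if m:
            cmd = m.group('cmd').strip('"')
            if not cmd.upper().startswith('C:\\'):
                findings.append(Finding(
                    line, f'MountPoints2 AutoRun command launches {cmd} from a non-system drive'))
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m.group('attr'), m.group('path')
            # Attribute column: R=read-only, H=hidden, S=system, D=directory.
            if {'H', 'S', 'D'} <= set(attr) and PROFILE_CHILD_RE.match(path):
                findings.append(Finding(line, 'hidden+system folder directly inside a user profile'))
            continue
        m = CDROM_RE.match(line)
        if m and m.group('value') != '0':
            findings.append(Finding(line, 'CD-ROM AutoRun is enabled'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_OTL_LINES.splitlines()):
        print(f'{f.reason}:\n    {f.line}')
```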
15.12.2011, 15:26 | #7 |
| Here is the log file:
All processes killed
========== OTL ==========
Folder C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Uniblue\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files\Pando Networks\Media Booster\PMB.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:credssp.dll deleted successfully.
File edssp.dll) -credssp.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\autorun.dat scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
C:\Users\tom\2397-5973-7874-8623 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56551 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: tom
->Temp folder emptied: 7561521417 bytes
->Temporary Internet Files folder emptied: 49582202 bytes
->Java cache emptied: 748655 bytes
->Google Chrome cache emptied: 245516310 bytes
->Apple Safari cache emptied: 1142784 bytes
->Flash cache emptied: 106104 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2032398 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 283108064 bytes
RecycleBin emptied: 8515525871 bytes
Total Files Cleaned = 15.889,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12152011_151206
Files\Folders moved on Reboot...
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\autorun.dat scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
Registry entries deleted on Reboot... |
15.12.2011, 15:59 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run this Kaspersky tool (TDSS-Killer) (in normal mode!) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below: click on "change parameters" and set the checkmarks as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its content into your post, look directly on your Windows system partition; that is where TDSS-Killer stores its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If the infection prevents you from accessing your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save this file on your desktop. Start the tool and all files and folders should become visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
18.12.2011, 14:06 | #9 |
| I have now run TDSS Killer and the log cannot be copied. Where do I find the Windows system partition now? |
18.12.2011, 14:11 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Directly on C:. As a rule, C: is the system partition, i.e. the one Windows is installed on.
18.12.2011, 18:04 | #11 |
| Here is the log:
11:57:10.0119 2144 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
11:57:10.0366 2144 ============================================================
11:57:10.0366 2144 Current date / time: 2011/12/17 11:57:10.0366
11:57:10.0366 2144 SystemInfo:
11:57:10.0366 2144
11:57:10.0366 2144 OS Version: 6.0.6002 ServicePack: 2.0
11:57:10.0366 2144 Product type: Workstation
11:57:10.0366 2144 ComputerName: TOM-PC
11:57:10.0366 2144 UserName: tom
11:57:10.0366 2144 Windows directory: C:\Windows
11:57:10.0366 2144 System windows directory: C:\Windows
11:57:10.0366 2144 Processor architecture: Intel x86
11:57:10.0366 2144 Number of processors: 2
11:57:10.0366 2144 Page size: 0x1000
11:57:10.0366 2144 Boot type: Normal boot
11:57:10.0366 2144 ============================================================
11:57:11.0326 2144 Initialize success
11:57:30.0628 4604 ============================================================
11:57:30.0628 4604 Scan started
11:57:30.0628 4604 Mode: Manual; SigCheck; TDLFS;
11:57:30.0628 4604 ============================================================
C:\Windows\system32\drivers\ql40xx.sys 11:57:43.0425 4604 ql40xx - ok 11:57:43.0479 4604 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 11:57:43.0545 4604 QWAVEdrv - ok 11:57:43.0576 4604 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 11:57:43.0607 4604 RasAcd - ok 11:57:43.0639 4604 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 11:57:43.0685 4604 Rasl2tp - ok 11:57:43.0732 4604 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 11:57:43.0763 4604 RasPppoe - ok 11:57:43.0779 4604 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 11:57:43.0795 4604 RasSstp - ok 11:57:43.0841 4604 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 11:57:43.0857 4604 rdbss - ok 11:57:43.0873 4604 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 11:57:43.0904 4604 RDPCDD - ok 11:57:43.0920 4604 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 11:57:43.0946 4604 rdpdr - ok 11:57:43.0960 4604 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 11:57:43.0983 4604 RDPENCDD - ok 11:57:44.0024 4604 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 11:57:44.0060 4604 RDPWD - ok 11:57:44.0101 4604 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 11:57:44.0124 4604 rspndr - ok 11:57:44.0146 4604 RTHDMIAzAudService (d85da4371af61359edfca4ea06619dd4) C:\Windows\system32\drivers\RtHDMIV.sys 11:57:44.0155 4604 RTHDMIAzAudService - ok 11:57:44.0188 4604 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys 11:57:44.0229 4604 RTL8169 - ok 11:57:44.0256 4604 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 11:57:44.0270 4604 sbp2port - ok 11:57:44.0305 4604 secdrv 
(90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 11:57:44.0386 4604 secdrv - ok 11:57:44.0414 4604 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 11:57:44.0437 4604 Serenum - ok 11:57:44.0497 4604 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 11:57:44.0535 4604 Serial - ok 11:57:44.0555 4604 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 11:57:44.0588 4604 sermouse - ok 11:57:44.0634 4604 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\Windows\system32\drivers\sfdrv01a.sys 11:57:44.0643 4604 sfdrv01a - ok 11:57:44.0660 4604 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 11:57:44.0685 4604 sffdisk - ok 11:57:44.0696 4604 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 11:57:44.0741 4604 sffp_mmc - ok 11:57:44.0767 4604 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 11:57:44.0815 4604 sffp_sd - ok 11:57:44.0857 4604 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys 11:57:44.0866 4604 sfhlp02 - ok 11:57:44.0884 4604 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 11:57:44.0989 4604 sfloppy - ok 11:57:45.0021 4604 sfsync02 (6dc03269f4c71e4ab313c3597f42a340) C:\Windows\system32\drivers\sfsync02.sys 11:57:45.0021 4604 sfsync02 - ok 11:57:45.0067 4604 sfvfs02 (107b772690050d3b19cbc637ad8fd96e) C:\Windows\system32\drivers\sfvfs02.sys 11:57:45.0067 4604 sfvfs02 - ok 11:57:45.0084 4604 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 11:57:45.0089 4604 sisagp - ok 11:57:45.0108 4604 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 11:57:45.0121 4604 SiSRaid2 - ok 11:57:45.0142 4604 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 11:57:45.0156 4604 SiSRaid4 - ok 
11:57:45.0200 4604 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 11:57:45.0248 4604 Smb - ok 11:57:45.0290 4604 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 11:57:45.0303 4604 spldr - ok 11:57:45.0345 4604 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 11:57:45.0392 4604 srv - ok 11:57:45.0431 4604 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 11:57:45.0452 4604 srv2 - ok 11:57:45.0518 4604 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 11:57:45.0558 4604 srvnet - ok 11:57:45.0611 4604 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 11:57:45.0624 4604 swenum - ok 11:57:45.0647 4604 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 11:57:45.0660 4604 Symc8xx - ok 11:57:45.0677 4604 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 11:57:45.0690 4604 Sym_hi - ok 11:57:45.0702 4604 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 11:57:45.0727 4604 Sym_u3 - ok 11:57:45.0813 4604 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 11:57:45.0888 4604 Tcpip - ok 11:57:45.0922 4604 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 11:57:46.0013 4604 Tcpip6 - ok 11:57:46.0057 4604 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 11:57:46.0108 4604 tcpipreg - ok 11:57:46.0124 4604 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 11:57:46.0155 4604 TDPIPE - ok 11:57:46.0171 4604 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 11:57:46.0217 4604 TDTCP - ok 11:57:46.0249 4604 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 11:57:46.0311 4604 tdx - ok 11:57:46.0342 4604 TermDD (3cad38910468eab9a6479e2f01db43c7) 
C:\Windows\system32\DRIVERS\termdd.sys 11:57:46.0358 4604 TermDD - ok 11:57:46.0389 4604 Trufos - ok 11:57:46.0420 4604 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:57:46.0467 4604 tssecsrv - ok 11:57:46.0488 4604 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 11:57:46.0517 4604 tunmp - ok 11:57:46.0526 4604 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 11:57:46.0544 4604 tunnel - ok 11:57:46.0565 4604 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 11:57:46.0579 4604 uagp35 - ok 11:57:46.0624 4604 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 11:57:46.0656 4604 udfs - ok 11:57:46.0691 4604 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 11:57:46.0699 4604 uliagpkx - ok 11:57:46.0718 4604 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 11:57:46.0730 4604 uliahci - ok 11:57:46.0741 4604 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 11:57:46.0750 4604 UlSata - ok 11:57:46.0769 4604 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 11:57:46.0778 4604 ulsata2 - ok 11:57:46.0792 4604 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 11:57:46.0813 4604 umbus - ok 11:57:46.0834 4604 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 11:57:46.0881 4604 USBAAPL - ok 11:57:46.0912 4604 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 11:57:46.0946 4604 usbccgp - ok 11:57:46.0971 4604 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 11:57:47.0033 4604 usbcir - ok 11:57:47.0066 4604 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 11:57:47.0096 4604 usbehci - ok 11:57:47.0118 4604 usbhub 
(4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 11:57:47.0141 4604 usbhub - ok 11:57:47.0149 4604 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 11:57:47.0183 4604 usbohci - ok 11:57:47.0201 4604 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 11:57:47.0242 4604 usbprint - ok 11:57:47.0259 4604 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:57:47.0278 4604 USBSTOR - ok 11:57:47.0316 4604 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 11:57:47.0346 4604 usbuhci - ok 11:57:47.0373 4604 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 11:57:47.0416 4604 vga - ok 11:57:47.0442 4604 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 11:57:47.0490 4604 VgaSave - ok 11:57:47.0537 4604 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 11:57:47.0537 4604 viaagp - ok 11:57:47.0553 4604 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 11:57:47.0568 4604 ViaC7 - ok 11:57:47.0584 4604 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 11:57:47.0599 4604 viaide - ok 11:57:47.0615 4604 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 11:57:47.0631 4604 volmgr - ok 11:57:47.0657 4604 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 11:57:47.0679 4604 volmgrx - ok 11:57:47.0707 4604 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 11:57:47.0729 4604 volsnap - ok 11:57:47.0765 4604 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 11:57:47.0782 4604 vsmraid - ok 11:57:47.0806 4604 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 11:57:47.0893 4604 WacomPen - ok 11:57:47.0922 4604 Wanarp 
(55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 11:57:47.0953 4604 Wanarp - ok 11:57:47.0959 4604 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 11:57:47.0989 4604 Wanarpv6 - ok 11:57:48.0013 4604 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 11:57:48.0026 4604 Wd - ok 11:57:48.0060 4604 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 11:57:48.0091 4604 Wdf01000 - ok 11:57:48.0201 4604 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 11:57:48.0237 4604 WmiAcpi - ok 11:57:48.0292 4604 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 11:57:48.0327 4604 WpdUsb - ok 11:57:48.0351 4604 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 11:57:48.0385 4604 ws2ifsl - ok 11:57:48.0427 4604 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:57:48.0476 4604 WUDFRd - ok 11:57:48.0519 4604 XDva248 - ok
11:57:48.0569 4604 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:57:48.0687 4604 \Device\Harddisk0\DR0 - ok
11:57:48.0703 4604 Boot (0x1200) (10a932c9a19cd84bca32fbb98a93dec1) \Device\Harddisk0\DR0\Partition0
11:57:48.0703 4604 \Device\Harddisk0\DR0\Partition0 - ok
11:57:48.0718 4604 Boot (0x1200) (e440be18652ffe31e3bc0a5d12873b81) \Device\Harddisk0\DR0\Partition1
11:57:48.0718 4604 \Device\Harddisk0\DR0\Partition1 - ok
11:57:48.0718 4604 ============================================================
11:57:48.0718 4604 Scan finished
11:57:48.0718 4604 ============================================================
11:57:48.0734 3476 Detected object count: 1
11:57:48.0734 3476 Actual detected object count: 1
12:06:51.0108 3476 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - skipped by user
12:06:51.0108 3476 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:59:18.0147 5408 Deinitialize success

TDSSKiller found a threat. Should I remove it now, and how?
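The point a helper would check in the log above is the tail, not the driver list: TDSSKiller reports one detection, and both verdict lines for it say the user chose Skip, so nothing was removed. As an added example (not part of the original post and not TDSSKiller's own code), the script below parses the three line shapes visible in this log (hashed object, verdict, declared object count) and reports every verdict that is not "ok", which detections have no cure or delete action recorded, which "ok" entries never had a file hashed, and whether the declared count matches what the verdict lines show. The sample log is constructed from lines quoted in the post; the list of words treated as "acted on" is an assumption, since the exact verdict wording varies between TDSSKiller versions.

```python
"""Triage of a TDSSKiller log: surface every verdict that is not 'ok'.

Added example for this thread; not part of the original post and not
TDSSKiller's own code. It assumes the three line shapes visible in the log:
    <ts> <pid> <name> (<md5>) <path>                   hashed object
    <ts> <pid> <name> [( <detection> )] - <verdict>    verdict
    <ts> <pid> Detected object count: <n>              summary
"""
import re
from dataclasses import dataclass, field
from typing import Optional

PREFIX_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<detection>.+?) \))? - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^Detected object count:\s*(?P<n>\d+)$")

# Assumption: a verdict containing one of these words means TDSSKiller acted on
# the object. 'skipped by user' / 'User select action: Skip' never match, so a
# skipped detection is reported as still unresolved.
RESOLVED_WORDS = ("cure", "delete", "quarantin")

# Constructed sample: lines quoted from the log in the post above.
SAMPLE_LOG = r"""
11:57:48.0427 4604 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:57:48.0476 4604 WUDFRd - ok
11:57:48.0519 4604 XDva248 - ok
11:57:48.0569 4604 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:57:48.0687 4604 \Device\Harddisk0\DR0 - ok
11:57:48.0703 4604 Boot (0x1200) (10a932c9a19cd84bca32fbb98a93dec1) \Device\Harddisk0\DR0\Partition0
11:57:48.0703 4604 \Device\Harddisk0\DR0\Partition0 - ok
11:57:48.0718 4604 Scan finished
11:57:48.0734 3476 Detected object count: 1
11:57:48.0734 3476 Actual detected object count: 1
12:06:51.0108 3476 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - skipped by user
12:06:51.0108 3476 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:59:18.0147 5408 Deinitialize success
"""


@dataclass
class TriageReport:
    objects: list = field(default_factory=list)   # dicts: name, md5, path
    verdicts: list = field(default_factory=list)  # dicts: name, detection, verdict
    declared_count: Optional[int] = None

    def findings(self):
        """Every verdict line whose verdict is not plain 'ok'."""
        return [v for v in self.verdicts if v["verdict"].lower() != "ok"]

    def unresolved(self):
        """Detected names with no cure/delete/quarantine action recorded: still on the box."""
        names = []
        for name in dict.fromkeys(v["name"] for v in self.findings()):
            actions = [v["verdict"].lower() for v in self.verdicts if v["name"] == name]
            if not any(word in action for action in actions for word in RESOLVED_WORDS):
                names.append(name)
        return names

    def unhashed(self):
        """Names reported 'ok' that never had a hashed object line (no file behind them)."""
        known = {o["name"] for o in self.objects} | {o["path"] for o in self.objects}
        seen = []
        for v in self.verdicts:
            if v["verdict"].lower() == "ok" and v["name"] not in known and v["name"] not in seen:
                seen.append(v["name"])
        return seen

    def count_matches(self):
        """Declared detection count vs. distinct names that carry a detection label."""
        detected = {v["name"] for v in self.verdicts if v["detection"]}
        return self.declared_count == len(detected)


def triage(log_text: str) -> TriageReport:
    """Parse one TDSSKiller log into hashed objects, verdicts and the declared count."""
    rep = TriageReport()
    for raw in log_text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything without the <ts> <pid> prefix
        rest = m.group("rest")
        obj = OBJECT_RE.match(rest)
        if obj:
            rep.objects.append(obj.groupdict())
            continue
        ver = VERDICT_RE.match(rest)
        if ver:
            rep.verdicts.append(ver.groupdict())
            continue
        cnt = COUNT_RE.match(rest)
        if cnt:
            rep.declared_count = int(cnt.group("n"))
    return rep


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("hashed objects:", len(report.objects))
    for f in report.findings():
        print("finding:", f["name"], f["detection"], "->", f["verdict"])
    print("unresolved:", report.unresolved())
    print("'ok' without a hashed file:", report.unhashed())
    print("declared count consistent:", report.count_matches())
```

On the sample this reports AODDriver4.01 (UnsignedFile.Multi.Generic) as the only finding and as unresolved, because the only actions recorded for it are the two Skip lines. The same parser run over a full log also lists service names such as XDva248 that were reported "ok" without any file ever being hashed, which is worth a look when reconciling the log against the services actually registered on the machine.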
19.12.2011, 10:17 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | Getting rid of the Phorpiex virus from Facebook, but how? Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as: Quote:
__________________ Please always post logfiles in CODE tags