| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.12.2011, 20:15
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll Nach der Deinstallation hat sich dein System signifikant verändert. Daher wäre ein neues OTL-Log (CustomScan) vonnöten. Zudme sehe ich, dass du Acronis installiert hast. Es ist eine ziemliche Verschwendung wenn man diese Software installiert hat aber nicht regelmäßig nutzt und so auch nicht im Falle eines Systemfehlers mal eben das System durch ein Image zurücksetzt weil man schlicht und ergreifend wohl das Programm weder kennt noch die Anleitung gelesen hat oder warum auch immer nicht rechtzeitig ans Backups gedacht hat.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.12.2011, 22:16
| #17 |
 | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll hier mein neuer OTL-Log: (wie in Schritt 2 beschrieben)
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.12.2011 21:59:44 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = E:\Dokumente und Einstellungen\A*\Eigene Dateien\Notebook\Software\Windows_XP neu installieren - Downloads\Trojaner Board\OTL Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1021,98 Mb Total Physical Memory | 295,22 Mb Available Physical Memory | 28,89% Memory free 2,41 Gb Paging File | 1,45 Gb Available in Paging File | 60,15% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 49,81 Gb Total Space | 33,95 Gb Free Space | 68,16% Space Free | Partition Type: NTFS Drive D: | 41,01 Gb Total Space | 37,08 Gb Free Space | 90,42% Space Free | Partition Type: NTFS Drive E: | 107,26 Gb Total Space | 70,18 Gb Free Space | 65,43% Space Free | Partition Type: NTFS Drive G: | 232,83 Gb Total Space | 126,14 Gb Free Space | 54,18% Space Free | Partition Type: FAT32 Computer Name: A*SPC | User Name: A* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.21 21:14:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\A*\Eigene Dateien\Notebook\Software\Windows_XP neu installieren - Downloads\Trojaner Board\OTL\OTL.exe PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- D:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- D:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2011.10.04 20:24:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- D:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- D:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- D:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.17 17:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2008.03.10 17:20:00 | 000,689,488 | ---- | M] (CANON INC.) -- C:\Programme\Canon\SolutionMenu\CNSLMAIN.EXE PRC - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2006.09.22 00:41:30 | 001,949,912 | ---- | M] (Acronis) -- D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2006.09.22 00:35:14 | 000,082,832 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe PRC - [2006.09.22 00:35:08 | 000,226,192 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2006.09.22 00:33:02 | 001,176,768 | ---- | M] (Acronis) -- D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2006.08.25 12:47:12 | 000,356,352 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe PRC - [2006.08.01 23:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2006.08.01 23:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2006.08.01 23:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2006.06.29 09:30:34 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe PRC - [2006.03.02 23:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\Toshiba.exe PRC - [2006.02.07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe PRC - [2006.02.02 12:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Tvs\TvsTray.exe PRC - [2005.10.06 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005.08.03 15:16:04 | 000,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe PRC - [2005.08.03 15:15:50 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe PRC - [2005.05.13 10:01:30 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe PRC - [2005.04.12 09:05:26 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2005.01.18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe PRC - [2002.01.07 14:53:14 | 000,200,704 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- D:\Programme\FinePixViewer\QuickDCF.exe PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011.12.22 09:37:50 | 001,656,320 | ---- | M] () -- D:\Programme\AVAST Software\Avast\defs\11122200\algo.dll MOD - [2011.12.20 00:49:56 | 000,241,528 | ---- | M] () -- D:\Programme\AVAST Software\Avast\defs\11122200\aswRep.dll MOD - [2011.12.15 14:27:18 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2011.11.10 05:53:45 | 000,008,192 | ---- | M] () -- C:\Programme\Java\jre6\bin\jp2native.dll MOD - [2011.10.04 20:24:02 | 001,833,944 | ---- | M] () -- D:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.09.05 18:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.02.04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- D:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe MOD - [2006.09.21 23:38:24 | 000,045,968 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Common\gc.dll MOD - [2006.08.01 23:26:20 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll MOD - [2006.08.01 23:24:54 | 000,348,160 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll MOD - [2006.06.23 12:07:08 | 001,167,360 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\acAuth.dll MOD - [2006.05.01 21:04:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll MOD - [2006.05.01 21:04:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2006.01.04 17:14:36 | 000,049,152 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll MOD - [2005.11.23 13:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll MOD - [2004.07.20 16:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll ========== Win32 Services (SafeList) ========== SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2006.09.22 00:35:08 | 000,226,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2006.02.07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2005.01.18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.30 18:03:29 | 000,397,296 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2011.07.30 18:03:29 | 000,033,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2011.07.30 18:03:18 | 000,107,056 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006.08.02 00:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2006.05.30 15:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2006.05.05 15:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.03.22 07:56:24 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.12.13 17:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005.11.30 18:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005.11.28 09:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid) DRV - [2005.10.20 13:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD) DRV - [2005.10.06 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005.10.06 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005.10.06 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.10.06 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005.10.06 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005.10.06 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005.10.06 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005.09.09 13:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec) DRV - [2005.08.25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.08.25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2003.09.19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003.01.29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) DRV - [2001.11.21 20:09:00 | 000,081,796 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB0109.SYS -- (FINEPIX_PCC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: D:\Programme\AVAST Software\Avast\WebRep\FF [2011.12.15 14:29:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.10.04 20:24:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2011.10.27 08:53:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2011.07.29 19:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Mozilla\Extensions [2011.07.29 19:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.12.21 22:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Mozilla\Firefox\Profiles\h6ymivw5.default\extensions [2011.06.29 08:27:36 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Mozilla\Firefox\Profiles\h6ymivw5.default\searchplugins\conduit.xml [2011.07.29 19:56:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.07.30 13:29:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.12.15 14:29:14 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (MSN Suche Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] D:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found O4 - HKLM..\Run: [THotkey] C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher.lnk = D:\Programme\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.) O4 - Startup: C:\Dokumente und Einstellungen\A*\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = D:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &MSN Suche - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - C:\Programme\MSN Toolbar Suite\de-de\msntabres.dll.mui (Microsoft Corporation) O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - C:\Programme\MSN Toolbar Suite\de-de\msntabres.dll.mui (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{328A1E9E-C724-4A4E-80C2-A948D5BD7872}: DhcpNameServer = 192.168.100.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\TOSHIBA SATELLITE.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\TOSHIBA SATELLITE.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.13 15:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.01.09 09:50:08 | 000,000,113 | ---- | M] () - G:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2009.02.11 20:58:00 | 000,000,000 | ---D | M] - G:\Autorun -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067) ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.22 13:47:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2011.12.21 23:29:28 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.12.21 22:16:00 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.12.21 22:15:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Malwarebytes [2011.12.21 22:14:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.12.21 22:14:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.12.21 22:14:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.12.21 22:12:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2011.12.21 22:02:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2011.12.16 10:10:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.12.16 10:10:42 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.12.16 10:10:42 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2006.09.14 10:48:14 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.22 10:29:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.12.21 22:16:00 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.12.21 22:14:55 | 000,000,639 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.21 22:11:37 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.12.21 22:09:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.12.21 22:09:19 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys [2011.12.16 10:10:18 | 000,459,578 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.12.16 10:10:18 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.12.16 10:10:18 | 000,084,914 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.12.16 10:10:18 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.12.15 14:29:16 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011.12.15 14:27:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.12.15 14:23:01 | 000,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.12.15 14:01:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.12.12 17:49:56 | 000,023,004 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Schilddrüse.odt [2011.12.03 17:23:46 | 000,002,267 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickSteuer Deluxe 2011.lnk [2011.11.28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011.11.28 19:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011.11.28 18:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011.11.28 15:30:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.21 22:14:55 | 000,000,639 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.02 14:45:24 | 000,023,004 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Schilddrüse.odt [2011.11.06 13:47:53 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011.10.31 15:01:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.09.10 13:45:48 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2011.08.16 19:40:17 | 000,008,704 | ---- | C] () -- C:\Dokumente und Einstellungen\A*\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.30 20:20:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.07.30 12:31:32 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2011.07.29 19:33:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.07.29 15:36:39 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\A*\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.09.14 17:34:45 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006.09.14 17:34:44 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.09.14 17:34:43 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.09.14 17:34:43 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.09.14 17:34:41 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.09.14 17:34:41 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006.09.14 17:34:38 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006.09.14 17:34:38 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.09.14 17:34:37 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2006.09.14 17:34:26 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2006.09.14 13:30:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.09.14 13:14:50 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini [2006.09.14 12:54:01 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.09.14 12:50:38 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe [2006.09.14 11:18:00 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.09.14 11:10:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.09.14 11:10:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.09.14 11:10:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.09.14 11:10:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.09.14 11:10:34 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.09.14 11:10:34 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.09.14 10:57:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI [2006.09.14 10:56:57 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys [2006.09.14 10:56:57 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2006.09.14 10:48:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2006.09.14 10:40:34 | 000,010,161 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2006.09.14 10:40:34 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2006.09.14 10:40:33 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2006.09.14 10:40:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2006.09.14 10:38:34 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat [2006.09.14 10:38:34 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat [2006.09.14 10:38:32 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.09.14 10:38:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006.09.13 16:48:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.09.13 16:47:28 | 000,140,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.09.13 16:00:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.09.13 15:53:35 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.09.13 15:41:43 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe [2006.09.13 15:41:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2006.09.13 15:41:43 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.09.13 15:41:31 | 000,459,578 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.09.13 15:41:31 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.09.13 15:41:31 | 000,084,914 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.09.13 15:41:31 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.09.13 15:40:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.09.13 15:40:53 | 000,441,696 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.09.13 15:40:53 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.09.13 15:40:53 | 000,071,632 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.09.13 15:40:53 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.09.13 15:40:52 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.09.13 15:40:50 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.09.13 15:40:47 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006.09.13 15:40:42 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.09.13 15:40:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.09.13 15:40:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.09.13 15:40:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.01.30 22:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005.09.02 13:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.08.05 13:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.07.22 20:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004.07.20 16:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 13:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.07.29 23:48:49 | 000,000,000 | ---D | M] -- C:\CMPNENTS [2011.07.30 20:03:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.07.29 23:58:25 | 000,000,000 | ---D | M] -- C:\I386 [2011.12.21 23:29:28 | 000,000,000 | R--D | M] -- C:\Programme [2011.08.04 18:23:32 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.07.30 00:05:57 | 000,000,000 | ---D | M] -- C:\SUPPORT [2011.07.29 15:35:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2006.09.21 21:23:23 | 000,000,000 | ---D | M] -- C:\TOOLSCD [2011.07.29 17:06:43 | 000,000,000 | ---D | M] -- C:\totalcmd [2011.07.30 00:12:09 | 000,000,000 | ---D | M] -- C:\VALUEADD [2011.12.22 20:03:18 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: AFD.SYS > [2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys [2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys [2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys [2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys [2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys [2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys [2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys [2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys [2004.08.10 13:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys [2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys [2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys [2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys [2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys [2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys [2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys [2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys [2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys [2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys [2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys [2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys < MD5 for: EXPLORER.EXE > [2004.08.10 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: IPSEC.SYS > [2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys [2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys [2004.08.10 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys < MD5 for: REGEDIT.EXE > [2004.08.10 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\I386\REGEDIT.EXE [2004.08.10 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.10 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.10 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-15 13:02:41 < > < End of report > [/code] eine Extras-Datei gibts nicht Danke Sorry, habe den "Scan-Button" ausgelöst und nicht den "Quick-Scan" -> läuft gerade noch mal Geändert von hahnhuhn (22.12.2011 um 22:37 Uhr) |
|
22.12.2011, 22:46
| #18 |
| | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll hier die neue OTL-Log-Datei: mit Quick-Scan
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.12.2011 22:36:34 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = E:\Dokumente und Einstellungen\A*\Eigene Dateien\Notebook\Software\Windows_XP neu installieren - Downloads\Trojaner Board\OTL Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1021,98 Mb Total Physical Memory | 299,59 Mb Available Physical Memory | 29,31% Memory free 2,41 Gb Paging File | 1,45 Gb Available in Paging File | 60,12% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 49,81 Gb Total Space | 33,92 Gb Free Space | 68,11% Space Free | Partition Type: NTFS Drive D: | 41,01 Gb Total Space | 37,08 Gb Free Space | 90,42% Space Free | Partition Type: NTFS Drive E: | 107,26 Gb Total Space | 70,18 Gb Free Space | 65,43% Space Free | Partition Type: NTFS Drive G: | 232,83 Gb Total Space | 126,14 Gb Free Space | 54,18% Space Free | Partition Type: FAT32 Computer Name: A*SPC | User Name: A* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.21 21:14:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\A*\Eigene Dateien\Notebook\Software\Windows_XP neu installieren - Downloads\Trojaner Board\OTL\OTL.exe PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- D:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- D:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2011.10.04 20:24:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- D:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- D:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- D:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.17 17:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2008.03.10 17:20:00 | 000,689,488 | ---- | M] (CANON INC.) -- C:\Programme\Canon\SolutionMenu\CNSLMAIN.EXE PRC - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2006.09.22 00:41:30 | 001,949,912 | ---- | M] (Acronis) -- D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2006.09.22 00:35:14 | 000,082,832 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe PRC - [2006.09.22 00:35:08 | 000,226,192 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2006.09.22 00:33:02 | 001,176,768 | ---- | M] (Acronis) -- D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2006.08.25 12:47:12 | 000,356,352 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe PRC - [2006.08.01 23:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2006.08.01 23:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2006.08.01 23:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2006.06.29 09:30:34 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe PRC - [2006.03.02 23:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\Toshiba.exe PRC - [2006.02.07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe PRC - [2006.02.02 12:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Tvs\TvsTray.exe PRC - [2005.10.06 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005.08.03 15:16:04 | 000,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe PRC - [2005.08.03 15:15:50 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe PRC - [2005.05.13 10:01:30 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe PRC - [2005.04.12 09:05:26 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2005.01.18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe PRC - [2002.01.07 14:53:14 | 000,200,704 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- D:\Programme\FinePixViewer\QuickDCF.exe PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011.12.22 09:37:50 | 001,656,320 | ---- | M] () -- D:\Programme\AVAST Software\Avast\defs\11122200\algo.dll MOD - [2011.12.20 00:49:56 | 000,241,528 | ---- | M] () -- D:\Programme\AVAST Software\Avast\defs\11122200\aswRep.dll MOD - [2011.12.15 14:27:18 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2011.11.10 05:53:45 | 000,008,192 | ---- | M] () -- C:\Programme\Java\jre6\bin\jp2native.dll MOD - [2011.10.04 20:24:02 | 001,833,944 | ---- | M] () -- D:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.09.05 18:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.02.04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- D:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe MOD - [2006.09.21 23:38:24 | 000,045,968 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Common\gc.dll MOD - [2006.08.01 23:26:20 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll MOD - [2006.08.01 23:24:54 | 000,348,160 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll MOD - [2006.06.23 12:07:08 | 001,167,360 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\acAuth.dll MOD - [2006.05.01 21:04:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll MOD - [2006.05.01 21:04:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2006.01.04 17:14:36 | 000,049,152 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll MOD - [2005.11.23 13:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll MOD - [2004.07.20 16:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll ========== Win32 Services (SafeList) ========== SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2006.09.22 00:35:08 | 000,226,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2006.02.07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2005.01.18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.30 18:03:29 | 000,397,296 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2011.07.30 18:03:29 | 000,033,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2011.07.30 18:03:18 | 000,107,056 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006.08.02 00:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2006.05.30 15:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2006.05.05 15:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.03.22 07:56:24 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.12.13 17:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005.11.30 18:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005.11.28 09:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid) DRV - [2005.10.20 13:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD) DRV - [2005.10.06 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005.10.06 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005.10.06 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.10.06 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005.10.06 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005.10.06 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005.10.06 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005.09.09 13:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec) DRV - [2005.08.25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.08.25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2003.09.19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003.01.29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) DRV - [2001.11.21 20:09:00 | 000,081,796 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB0109.SYS -- (FINEPIX_PCC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: D:\Programme\AVAST Software\Avast\WebRep\FF [2011.12.15 14:29:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.10.04 20:24:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2011.10.27 08:53:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2011.07.29 19:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Mozilla\Extensions [2011.07.29 19:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.12.21 22:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Mozilla\Firefox\Profiles\h6ymivw5.default\extensions [2011.06.29 08:27:36 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Mozilla\Firefox\Profiles\h6ymivw5.default\searchplugins\conduit.xml [2011.07.29 19:56:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.07.30 13:29:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.12.15 14:29:14 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (MSN Suche Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] D:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found O4 - HKLM..\Run: [THotkey] C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher.lnk = D:\Programme\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.) O4 - Startup: C:\Dokumente und Einstellungen\A*\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = D:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &MSN Suche - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - C:\Programme\MSN Toolbar Suite\de-de\msntabres.dll.mui (Microsoft Corporation) O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - C:\Programme\MSN Toolbar Suite\de-de\msntabres.dll.mui (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{328A1E9E-C724-4A4E-80C2-A948D5BD7872}: DhcpNameServer = 192.168.100.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\TOSHIBA SATELLITE.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\TOSHIBA SATELLITE.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.13 15:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067) ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.22 13:47:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2011.12.21 23:29:28 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.12.21 22:16:00 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.12.21 22:15:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Malwarebytes [2011.12.21 22:14:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.12.21 22:14:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.12.21 22:14:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.12.21 22:12:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2011.12.21 22:02:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2006.09.14 10:48:14 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.22 10:29:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.12.21 22:16:00 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.12.21 22:14:55 | 000,000,639 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.21 22:11:37 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.12.21 22:09:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.12.21 22:09:19 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys [2011.12.16 10:10:18 | 000,459,578 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.12.16 10:10:18 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.12.16 10:10:18 | 000,084,914 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.12.16 10:10:18 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.12.15 14:29:16 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011.12.15 14:23:01 | 000,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.12.15 14:01:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.12.12 17:49:56 | 000,023,004 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Schilddrüse.odt [2011.12.03 17:23:46 | 000,002,267 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickSteuer Deluxe 2011.lnk [2011.11.28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011.11.28 19:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011.11.28 18:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011.11.28 15:30:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.21 22:14:55 | 000,000,639 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.02 14:45:24 | 000,023,004 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Schilddrüse.odt [2011.11.06 13:47:53 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011.10.31 15:01:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.09.10 13:45:48 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2011.08.16 19:40:17 | 000,008,704 | ---- | C] () -- C:\Dokumente und Einstellungen\A*\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.30 20:20:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.07.30 12:31:32 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2011.07.29 19:33:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.07.29 15:36:39 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\A*\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.09.14 17:34:45 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006.09.14 17:34:44 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.09.14 17:34:43 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.09.14 17:34:43 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.09.14 17:34:41 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.09.14 17:34:41 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006.09.14 17:34:38 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006.09.14 17:34:38 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.09.14 17:34:37 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2006.09.14 17:34:26 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2006.09.14 13:30:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.09.14 13:14:50 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini [2006.09.14 12:54:01 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.09.14 12:50:38 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe [2006.09.14 11:18:00 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.09.14 11:10:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.09.14 11:10:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.09.14 11:10:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.09.14 11:10:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.09.14 11:10:34 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.09.14 11:10:34 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.09.14 10:57:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI [2006.09.14 10:56:57 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys [2006.09.14 10:56:57 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2006.09.14 10:48:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2006.09.14 10:40:34 | 000,010,161 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2006.09.14 10:40:34 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2006.09.14 10:40:33 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2006.09.14 10:40:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2006.09.14 10:38:34 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat [2006.09.14 10:38:34 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat [2006.09.14 10:38:32 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.09.14 10:38:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006.09.13 16:48:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.09.13 16:47:28 | 000,140,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.09.13 16:00:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.09.13 15:53:35 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.09.13 15:41:43 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe [2006.09.13 15:41:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2006.09.13 15:41:43 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.09.13 15:41:31 | 000,459,578 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.09.13 15:41:31 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.09.13 15:41:31 | 000,084,914 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.09.13 15:41:31 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.09.13 15:40:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.09.13 15:40:53 | 000,441,696 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.09.13 15:40:53 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.09.13 15:40:53 | 000,071,632 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.09.13 15:40:53 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.09.13 15:40:52 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.09.13 15:40:50 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.09.13 15:40:47 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006.09.13 15:40:42 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.09.13 15:40:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.09.13 15:40:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.09.13 15:40:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.01.30 22:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005.09.02 13:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.08.05 13:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.07.22 20:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004.07.20 16:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 13:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll ========== LOP Check ========== [2011.07.30 18:12:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2011.07.29 19:13:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2011.07.30 20:20:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2011.07.30 13:53:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2011.11.22 10:46:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJ [2011.11.11 10:31:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV [2011.11.09 13:50:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX [2011.09.06 09:48:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter [2011.12.15 14:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM [2011.09.06 09:49:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2011.09.06 09:50:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenu [2011.07.30 14:24:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.09.30 09:07:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2011.07.30 20:20:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Canneverbe Limited [2011.09.06 09:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Canon [2011.11.11 10:27:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\CD-LabelPrint [2011.07.30 12:34:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\CheckPoint [2011.08.16 19:20:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\FUJIFILM [2011.07.29 17:06:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\GHISLER [2011.07.30 14:23:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Lexware [2011.08.02 10:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\OpenOffice.org [2011.11.06 13:48:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\pdfforge [2011.07.29 19:37:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Thunderbird [2011.07.29 23:49:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\toshiba [2011.07.29 23:49:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\A*\Anwendungsdaten\Windows Desktop Search ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.07.29 23:48:49 | 000,000,000 | ---D | M] -- C:\CMPNENTS [2011.07.30 20:03:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.07.29 23:58:25 | 000,000,000 | ---D | M] -- C:\I386 [2011.12.21 23:29:28 | 000,000,000 | R--D | M] -- C:\Programme [2011.08.04 18:23:32 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.07.30 00:05:57 | 000,000,000 | ---D | M] -- C:\SUPPORT [2011.07.29 15:35:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2006.09.21 21:23:23 | 000,000,000 | ---D | M] -- C:\TOOLSCD [2011.07.29 17:06:43 | 000,000,000 | ---D | M] -- C:\totalcmd [2011.07.30 00:12:09 | 000,000,000 | ---D | M] -- C:\VALUEADD [2011.12.22 20:03:18 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: AFD.SYS > [2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys [2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys [2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys [2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys [2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys [2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys [2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys [2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys [2004.08.10 13:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys [2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys [2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys [2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys [2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys [2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys [2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys [2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys [2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys [2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys [2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys [2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys < MD5 for: EXPLORER.EXE > [2004.08.10 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: IPSEC.SYS > [2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys [2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys [2004.08.10 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys < MD5 for: REGEDIT.EXE > [2004.08.10 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\I386\REGEDIT.EXE [2004.08.10 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.10 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.10 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-15 13:02:41 < > < End of report > Danke |
|
23.12.2011, 16:32
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.13 15:57:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.01.09 09:50:08 | 000,000,113 | ---- | M] () - G:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009.02.11 20:58:00 | 000,000,000 | ---D | M] - G:\Autorun -- [ FAT32 ]
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.12.2011, 17:21
| #20 |
| | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll alles gemacht. Allerdings wurde das Log-File nicht geöffnet. Windows heruntergefahren und dann kam nur noch ein schwarzer Bildschirm. Ich habe den harten Knopf gedrückt, danach fuhr der PC normal hoch und OTL.exe wurde geöffnet. hier das Log: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
G:\Autorun.inf moved successfully.
File not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49152 bytes
User: All Users
User: Anke
->Temp folder emptied: 72167352 bytes
->Temporary Internet Files folder emptied: 115850807 bytes
->Java cache emptied: 4049 bytes
->FireFox cache emptied: 108801220 bytes
->Flash cache emptied: 975 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
User: Internet
->Temp folder emptied: 16997531 bytes
->Temporary Internet Files folder emptied: 419852 bytes
->Java cache emptied: 887514 bytes
->FireFox cache emptied: 263276640 bytes
->Flash cache emptied: 7585 bytes
User: LocalService
->Temp folder emptied: 1130936 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 1064184 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 5383559 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8109918 bytes
RecycleBin emptied: 1291012283 bytes
Total Files Cleaned = 1.798,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12232011_164120
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
23.12.2011, 17:41
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ --> avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll |
|
23.12.2011, 17:58
| #22 |
| | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll bekomme jetzt ein Fenster in dem einige Einträge stehen: Threats detected - Selection action for found objects ... Skip - copy to quarantine - delete Was soll ich da tun? erstmal Skip? Danke |
|
23.12.2011, 18:00
| #23 |
| | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll hier schon mal das Log-File: Code:
ATTFilter 17:50:53.0578 2496 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
17:50:54.0000 2496 ============================================================
17:50:54.0000 2496 Current date / time: 2011/12/23 17:50:54.0000
17:50:54.0000 2496 SystemInfo:
17:50:54.0000 2496
17:50:54.0000 2496 OS Version: 5.1.2600 ServicePack: 3.0
17:50:54.0000 2496 Product type: Workstation
17:50:54.0000 2496 ComputerName: ANKESPC
17:50:54.0000 2496 UserName: Anke
17:50:54.0000 2496 Windows directory: C:\WINDOWS
17:50:54.0000 2496 System windows directory: C:\WINDOWS
17:50:54.0000 2496 Processor architecture: Intel x86
17:50:54.0000 2496 Number of processors: 2
17:50:54.0000 2496 Page size: 0x1000
17:50:54.0000 2496 Boot type: Normal boot
17:50:54.0000 2496 ============================================================
17:50:59.0921 2496 Initialize success
17:53:41.0828 2780 ============================================================
17:53:41.0828 2780 Scan started
17:53:41.0828 2780 Mode: Manual; SigCheck; TDLFS;
17:53:41.0828 2780 ============================================================
17:53:42.0453 2780 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:53:42.0625 2780 Aavmker4 - ok
17:53:42.0640 2780 Abiosdsk - ok
17:53:42.0640 2780 abp480n5 - ok
17:53:42.0687 2780 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:53:43.0421 2780 ACPI - ok
17:53:43.0531 2780 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:53:43.0703 2780 ACPIEC - ok
17:53:43.0718 2780 adpu160m - ok
17:53:43.0750 2780 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:53:43.0875 2780 aec - ok
17:53:43.0921 2780 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:53:43.0953 2780 AegisP ( UnsignedFile.Multi.Generic ) - warning
17:53:43.0953 2780 AegisP - detected UnsignedFile.Multi.Generic (1)
17:53:44.0000 2780 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:53:44.0062 2780 AFD - ok
17:53:44.0093 2780 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:53:44.0187 2780 AgereSoftModem - ok
17:53:44.0296 2780 Aha154x - ok
17:53:44.0312 2780 aic78u2 - ok
17:53:44.0328 2780 aic78xx - ok
17:53:44.0343 2780 AliIde - ok
17:53:44.0359 2780 amsint - ok
17:53:44.0406 2780 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:53:44.0531 2780 Arp1394 - ok
17:53:44.0531 2780 asc - ok
17:53:44.0546 2780 asc3350p - ok
17:53:44.0562 2780 asc3550 - ok
17:53:44.0625 2780 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:53:44.0640 2780 aswFsBlk - ok
17:53:44.0656 2780 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
17:53:44.0656 2780 aswMon2 - ok
17:53:44.0687 2780 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
17:53:44.0687 2780 aswRdr - ok
17:53:44.0718 2780 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
17:53:44.0750 2780 aswSnx - ok
17:53:44.0765 2780 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
17:53:44.0781 2780 aswSP - ok
17:53:44.0812 2780 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
17:53:44.0828 2780 aswTdi - ok
17:53:44.0843 2780 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:53:44.0968 2780 AsyncMac - ok
17:53:44.0984 2780 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:53:45.0109 2780 atapi - ok
17:53:45.0109 2780 Atdisk - ok
17:53:45.0171 2780 ati2mtag (221f0a33229cce7bf2f7640d3bb8845d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:53:45.0250 2780 ati2mtag - ok
17:53:45.0406 2780 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:53:45.0531 2780 Atmarpc - ok
17:53:45.0578 2780 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:53:45.0687 2780 audstub - ok
17:53:45.0718 2780 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:53:45.0843 2780 Beep - ok
17:53:45.0875 2780 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:53:46.0015 2780 cbidf2k - ok
17:53:46.0046 2780 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:53:46.0156 2780 CCDECODE - ok
17:53:46.0171 2780 cd20xrnt - ok
17:53:46.0187 2780 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:53:46.0312 2780 Cdaudio - ok
17:53:46.0343 2780 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:53:46.0484 2780 Cdfs - ok
17:53:46.0531 2780 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:53:46.0656 2780 Cdrom - ok
17:53:46.0656 2780 Changer - ok
17:53:46.0687 2780 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:53:46.0812 2780 CmBatt - ok
17:53:46.0828 2780 CmdIde - ok
17:53:46.0843 2780 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:53:46.0953 2780 Compbatt - ok
17:53:46.0968 2780 Cpqarray - ok
17:53:46.0984 2780 dac2w2k - ok
17:53:47.0000 2780 dac960nt - ok
17:53:47.0015 2780 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:53:47.0140 2780 Disk - ok
17:53:47.0171 2780 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
17:53:47.0171 2780 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0171 2780 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
17:53:47.0187 2780 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
17:53:47.0203 2780 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0203 2780 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
17:53:47.0218 2780 DLADResN (f17cfeb7f7e90496931523e5ba11d399) C:\WINDOWS\system32\DLA\DLADResN.SYS
17:53:47.0218 2780 DLADResN ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0218 2780 DLADResN - detected UnsignedFile.Multi.Generic (1)
17:53:47.0234 2780 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
17:53:47.0234 2780 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0234 2780 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
17:53:47.0250 2780 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
17:53:47.0250 2780 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0250 2780 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
17:53:47.0265 2780 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
17:53:47.0281 2780 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0281 2780 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
17:53:47.0296 2780 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
17:53:47.0296 2780 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0296 2780 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
17:53:47.0312 2780 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
17:53:47.0328 2780 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0328 2780 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
17:53:47.0343 2780 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
17:53:47.0343 2780 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0343 2780 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
17:53:47.0390 2780 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:53:47.0562 2780 dmboot - ok
17:53:47.0593 2780 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:53:47.0718 2780 dmio - ok
17:53:47.0750 2780 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:53:47.0875 2780 dmload - ok
17:53:47.0906 2780 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:53:48.0015 2780 DMusic - ok
17:53:48.0031 2780 dpti2o - ok
17:53:48.0046 2780 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:53:48.0171 2780 drmkaud - ok
17:53:48.0187 2780 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
17:53:48.0187 2780 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
17:53:48.0187 2780 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
17:53:48.0203 2780 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
17:53:48.0218 2780 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
17:53:48.0218 2780 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
17:53:48.0234 2780 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:53:48.0281 2780 E100B - ok
17:53:48.0312 2780 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:53:48.0437 2780 Fastfat - ok
17:53:48.0468 2780 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:53:48.0578 2780 Fdc - ok
17:53:48.0609 2780 FINEPIX_PCC (acc6028a7c251080c98c39c180355d37) C:\WINDOWS\system32\Drivers\V4CB0109.SYS
17:53:48.0640 2780 FINEPIX_PCC - ok
17:53:48.0656 2780 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:53:48.0765 2780 Fips - ok
17:53:48.0796 2780 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:53:48.0921 2780 Flpydisk - ok
17:53:48.0953 2780 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:53:49.0062 2780 FltMgr - ok
17:53:49.0109 2780 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:53:49.0234 2780 Fs_Rec - ok
17:53:49.0250 2780 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:53:49.0375 2780 Ftdisk - ok
17:53:49.0390 2780 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:53:49.0515 2780 Gpc - ok
17:53:49.0546 2780 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:53:49.0656 2780 HDAudBus - ok
17:53:49.0687 2780 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:53:49.0812 2780 HidUsb - ok
17:53:49.0828 2780 hpn - ok
17:53:49.0875 2780 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:53:49.0921 2780 HTTP - ok
17:53:49.0937 2780 i2omgmt - ok
17:53:49.0937 2780 i2omp - ok
17:53:49.0968 2780 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:53:50.0093 2780 i8042prt - ok
17:53:50.0140 2780 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:53:50.0218 2780 ialm - ok
17:53:50.0375 2780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:53:50.0500 2780 Imapi - ok
17:53:50.0515 2780 ini910u - ok
17:53:50.0640 2780 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:53:50.0828 2780 IntcAzAudAddService - ok
17:53:50.0937 2780 IntelIde - ok
17:53:50.0984 2780 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:53:51.0109 2780 intelppm - ok
17:53:51.0125 2780 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:53:51.0250 2780 Ip6Fw - ok
17:53:51.0281 2780 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:53:51.0406 2780 IpFilterDriver - ok
17:53:51.0437 2780 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:53:51.0578 2780 IpInIp - ok
17:53:51.0593 2780 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:53:51.0718 2780 IpNat - ok
17:53:51.0750 2780 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:53:51.0859 2780 IPSec - ok
17:53:51.0875 2780 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:53:52.0000 2780 IRENUM - ok
17:53:52.0015 2780 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:53:52.0125 2780 isapnp - ok
17:53:52.0171 2780 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
17:53:52.0187 2780 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
17:53:52.0187 2780 Iviaspi - detected UnsignedFile.Multi.Generic (1)
17:53:52.0203 2780 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:53:52.0312 2780 Kbdclass - ok
17:53:52.0328 2780 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:53:52.0453 2780 kbdhid - ok
17:53:52.0468 2780 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:53:52.0593 2780 kmixer - ok
17:53:52.0640 2780 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:53:52.0671 2780 KSecDD - ok
17:53:52.0687 2780 lbrtfdc - ok
17:53:52.0734 2780 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
17:53:52.0750 2780 MBAMProtector - ok
17:53:52.0812 2780 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
17:53:52.0828 2780 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
17:53:52.0828 2780 MHNDRV - detected UnsignedFile.Multi.Generic (1)
17:53:52.0843 2780 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:53:52.0968 2780 mnmdd - ok
17:53:53.0015 2780 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:53:53.0140 2780 Modem - ok
17:53:53.0156 2780 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:53:53.0281 2780 Mouclass - ok
17:53:53.0312 2780 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:53:53.0421 2780 mouhid - ok
17:53:53.0453 2780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:53:53.0578 2780 MountMgr - ok
17:53:53.0578 2780 mraid35x - ok
17:53:53.0593 2780 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:53:53.0718 2780 MRxDAV - ok
17:53:53.0765 2780 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:53:53.0843 2780 MRxSmb - ok
17:53:53.0859 2780 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:53:53.0968 2780 Msfs - ok
17:53:53.0984 2780 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:53:54.0109 2780 MSKSSRV - ok
17:53:54.0125 2780 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:53:54.0234 2780 MSPCLOCK - ok
17:53:54.0250 2780 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:53:54.0375 2780 MSPQM - ok
17:53:54.0406 2780 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:53:54.0515 2780 mssmbios - ok
17:53:54.0546 2780 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:53:54.0671 2780 MSTEE - ok
17:53:54.0703 2780 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:53:54.0734 2780 Mup - ok
17:53:54.0781 2780 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:53:54.0906 2780 NABTSFEC - ok
17:53:54.0953 2780 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:53:55.0062 2780 NDIS - ok
17:53:55.0093 2780 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:53:55.0203 2780 NdisIP - ok
17:53:55.0250 2780 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:53:55.0265 2780 NdisTapi - ok
17:53:55.0296 2780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:53:55.0406 2780 Ndisuio - ok
17:53:55.0421 2780 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:53:55.0531 2780 NdisWan - ok
17:53:55.0578 2780 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:53:55.0625 2780 NDProxy - ok
17:53:55.0671 2780 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:53:55.0781 2780 NetBIOS - ok
17:53:55.0812 2780 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:53:55.0921 2780 NetBT - ok
17:53:55.0968 2780 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
17:53:55.0984 2780 Netdevio ( UnsignedFile.Multi.Generic ) - warning
17:53:55.0984 2780 Netdevio - detected UnsignedFile.Multi.Generic (1)
17:53:56.0062 2780 NETw3x32 (50f5de54e1d1646c02078f3eddc15a8e) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
17:53:56.0187 2780 NETw3x32 - ok
17:53:56.0328 2780 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:53:56.0453 2780 NIC1394 - ok
17:53:56.0484 2780 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:53:56.0609 2780 Npfs - ok
17:53:56.0625 2780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:53:56.0781 2780 Ntfs - ok
17:53:56.0828 2780 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:53:56.0937 2780 Null - ok
17:53:57.0031 2780 nv (ac5267c71f72fb42511ed5790ba0e9f5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:53:57.0203 2780 nv - ok
17:53:57.0328 2780 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:53:57.0468 2780 NwlnkFlt - ok
17:53:57.0484 2780 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:53:57.0625 2780 NwlnkFwd - ok
17:53:57.0656 2780 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:53:57.0781 2780 ohci1394 - ok
17:53:57.0796 2780 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
17:53:57.0921 2780 Parport - ok
17:53:57.0937 2780 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:53:58.0046 2780 PartMgr - ok
17:53:58.0062 2780 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:53:58.0203 2780 ParVdm - ok
17:53:58.0234 2780 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:53:58.0343 2780 PCI - ok
17:53:58.0343 2780 PCIDump - ok
17:53:58.0359 2780 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:53:58.0484 2780 PCIIde - ok
17:53:58.0500 2780 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:53:58.0625 2780 Pcmcia - ok
17:53:58.0625 2780 PDCOMP - ok
17:53:58.0640 2780 PDFRAME - ok
17:53:58.0656 2780 PDRELI - ok
17:53:58.0671 2780 PDRFRAME - ok
17:53:58.0687 2780 perc2 - ok
17:53:58.0703 2780 perc2hib - ok
17:53:58.0750 2780 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
17:53:58.0765 2780 Pfc ( UnsignedFile.Multi.Generic ) - warning
17:53:58.0765 2780 Pfc - detected UnsignedFile.Multi.Generic (1)
17:53:58.0796 2780 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:53:58.0906 2780 PptpMiniport - ok
17:53:58.0921 2780 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:53:59.0046 2780 PSched - ok
17:53:59.0046 2780 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:53:59.0187 2780 Ptilink - ok
17:53:59.0203 2780 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:53:59.0234 2780 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:53:59.0234 2780 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:53:59.0250 2780 ql1080 - ok
17:53:59.0265 2780 Ql10wnt - ok
17:53:59.0281 2780 ql12160 - ok
17:53:59.0296 2780 ql1240 - ok
17:53:59.0296 2780 ql1280 - ok
17:53:59.0328 2780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:53:59.0453 2780 RasAcd - ok
17:53:59.0468 2780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:53:59.0578 2780 Rasl2tp - ok
17:53:59.0593 2780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:53:59.0718 2780 RasPppoe - ok
17:53:59.0734 2780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:53:59.0859 2780 Raspti - ok
17:53:59.0875 2780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:54:00.0000 2780 Rdbss - ok
17:54:00.0015 2780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:54:00.0140 2780 RDPCDD - ok
17:54:00.0156 2780 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:54:00.0281 2780 rdpdr - ok
17:54:00.0328 2780 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:54:00.0375 2780 RDPWD - ok
17:54:00.0406 2780 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:54:00.0531 2780 redbook - ok
17:54:00.0609 2780 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
17:54:00.0625 2780 s24trans ( UnsignedFile.Multi.Generic ) - warning
17:54:00.0625 2780 s24trans - detected UnsignedFile.Multi.Generic (1)
17:54:00.0671 2780 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:54:00.0781 2780 sdbus - ok
17:54:00.0812 2780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:54:00.0921 2780 Secdrv - ok
17:54:00.0953 2780 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
17:54:01.0078 2780 Serial - ok
17:54:01.0109 2780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:54:01.0218 2780 Sfloppy - ok
17:54:01.0234 2780 Simbad - ok
17:54:01.0265 2780 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:54:01.0390 2780 SLIP - ok
17:54:01.0437 2780 snapman (78f86c54076c58fa1041cd7e1edaf039) C:\WINDOWS\system32\DRIVERS\snapman.sys
17:54:01.0453 2780 snapman ( UnsignedFile.Multi.Generic ) - warning
17:54:01.0453 2780 snapman - detected UnsignedFile.Multi.Generic (1)
17:54:01.0468 2780 Sparrow - ok
17:54:01.0515 2780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:54:01.0625 2780 splitter - ok
17:54:01.0640 2780 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:54:01.0750 2780 sr - ok
17:54:01.0781 2780 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:54:01.0843 2780 Srv - ok
17:54:01.0875 2780 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
17:54:01.0890 2780 StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:54:01.0890 2780 StarOpen - detected UnsignedFile.Multi.Generic (1)
17:54:01.0937 2780 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:54:02.0046 2780 streamip - ok
17:54:02.0078 2780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:54:02.0187 2780 swenum - ok
17:54:02.0203 2780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:54:02.0328 2780 swmidi - ok
17:54:02.0343 2780 symc810 - ok
17:54:02.0359 2780 symc8xx - ok
17:54:02.0375 2780 sym_hi - ok
17:54:02.0390 2780 sym_u3 - ok
17:54:02.0421 2780 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:54:02.0468 2780 SynTP - ok
17:54:02.0484 2780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:54:02.0609 2780 sysaudio - ok
17:54:02.0656 2780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:54:02.0765 2780 Tcpip - ok
17:54:02.0796 2780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:54:02.0921 2780 TDPIPE - ok
17:54:02.0953 2780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:54:03.0078 2780 TDTCP - ok
17:54:03.0093 2780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:54:03.0203 2780 TermDD - ok
17:54:03.0250 2780 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
17:54:03.0281 2780 tifm21 - ok
17:54:03.0328 2780 tifsfilter (8a13353f3bf0b7435ed4e3ac663cfbf3) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
17:54:03.0343 2780 tifsfilter ( UnsignedFile.Multi.Generic ) - warning
17:54:03.0343 2780 tifsfilter - detected UnsignedFile.Multi.Generic (1)
17:54:03.0359 2780 timounter (ba4e56bb49730c7a0ce0b684bb696ac8) C:\WINDOWS\system32\DRIVERS\timntr.sys
17:54:03.0421 2780 timounter ( UnsignedFile.Multi.Generic ) - warning
17:54:03.0421 2780 timounter - detected UnsignedFile.Multi.Generic (1)
17:54:03.0437 2780 TosIde - ok
17:54:03.0453 2780 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
17:54:03.0484 2780 tosrfec ( UnsignedFile.Multi.Generic ) - warning
17:54:03.0484 2780 tosrfec - detected UnsignedFile.Multi.Generic (1)
17:54:03.0531 2780 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
17:54:03.0578 2780 TVALD ( UnsignedFile.Multi.Generic ) - warning
17:54:03.0578 2780 TVALD - detected UnsignedFile.Multi.Generic (1)
17:54:03.0593 2780 Tvs (546dfba6486569120d33f7ad6e94efdd) C:\WINDOWS\system32\DRIVERS\Tvs.sys
17:54:03.0625 2780 Tvs ( UnsignedFile.Multi.Generic ) - warning
17:54:03.0625 2780 Tvs - detected UnsignedFile.Multi.Generic (1)
17:54:03.0656 2780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:54:03.0765 2780 Udfs - ok
17:54:03.0765 2780 ultra - ok
17:54:03.0812 2780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:54:03.0968 2780 Update - ok
17:54:04.0015 2780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:54:04.0125 2780 usbccgp - ok
17:54:04.0140 2780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:54:04.0265 2780 usbehci - ok
17:54:04.0312 2780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:54:04.0421 2780 usbhub - ok
17:54:04.0437 2780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:54:04.0562 2780 usbprint - ok
17:54:04.0578 2780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:54:04.0703 2780 usbscan - ok
17:54:04.0734 2780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:54:04.0843 2780 USBSTOR - ok
17:54:04.0875 2780 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:54:04.0984 2780 usbuhci - ok
17:54:05.0000 2780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:54:05.0109 2780 VgaSave - ok
17:54:05.0125 2780 ViaIde - ok
17:54:05.0140 2780 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:54:05.0265 2780 VolSnap - ok
17:54:05.0296 2780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:54:05.0406 2780 Wanarp - ok
17:54:05.0421 2780 WDICA - ok
17:54:05.0453 2780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:54:05.0578 2780 wdmaud - ok
17:54:05.0640 2780 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:54:05.0765 2780 WSTCODEC - ok
17:54:05.0812 2780 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:54:05.0859 2780 WudfPf - ok
17:54:05.0890 2780 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:54:05.0921 2780 WudfRd - ok
17:54:05.0968 2780 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
17:54:06.0000 2780 X10Hid - ok
17:54:06.0031 2780 MBR (0x1B8) (8c8ba10e36bff9b7662bf975ca546361) \Device\Harddisk0\DR0
17:54:06.0531 2780 \Device\Harddisk0\DR0 - ok
17:54:06.0546 2780 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR5
17:54:06.0703 2780 \Device\Harddisk1\DR5 - ok
17:54:06.0718 2780 Boot (0x1200) (2451973adb514123018471c881e89776) \Device\Harddisk0\DR0\Partition0
17:54:06.0718 2780 \Device\Harddisk0\DR0\Partition0 - ok
17:54:06.0750 2780 Boot (0x1200) (14af69c61b43df8902b6ec2a78887883) \Device\Harddisk0\DR0\Partition1
17:54:06.0750 2780 \Device\Harddisk0\DR0\Partition1 - ok
17:54:06.0765 2780 Boot (0x1200) (b5c0a5ba1ca1f686b3f36ed3c9d01f1d) \Device\Harddisk0\DR0\Partition2
17:54:06.0765 2780 \Device\Harddisk0\DR0\Partition2 - ok
17:54:06.0765 2780 Boot (0x1200) (f4c36cafd50262e101fac2d00ddbe2ac) \Device\Harddisk1\DR5\Partition0
17:54:06.0765 2780 \Device\Harddisk1\DR5\Partition0 - ok
17:54:06.0765 2780 ============================================================
17:54:06.0765 2780 Scan finished
17:54:06.0765 2780 ============================================================
17:54:06.0906 3560 Detected object count: 25
17:54:06.0906 3560 Actual detected object count: 25
|
|
23.12.2011, 18:23
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll Log ist unvollständig!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.12.2011, 18:56
| #25 |
| | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll und noch mal: bekomme jetzt ein Fenster in dem einige Einträge stehen: Threats detected - Selection action for found objects ... Skip - copy to quarantine - delete Was soll ich da tun? erstmal Skip? liegt daran das unvollständige Log? Ich habe da keine Ahnung! Danke |
|
23.12.2011, 21:09
| #26 |
| | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll hier das komplette log: Code:
ATTFilter 17:50:53.0578 2496 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
17:50:54.0000 2496 ============================================================
17:50:54.0000 2496 Current date / time: 2011/12/23 17:50:54.0000
17:50:54.0000 2496 SystemInfo:
17:50:54.0000 2496
17:50:54.0000 2496 OS Version: 5.1.2600 ServicePack: 3.0
17:50:54.0000 2496 Product type: Workstation
17:50:54.0000 2496 ComputerName: ANKESPC
17:50:54.0000 2496 UserName: Anke
17:50:54.0000 2496 Windows directory: C:\WINDOWS
17:50:54.0000 2496 System windows directory: C:\WINDOWS
17:50:54.0000 2496 Processor architecture: Intel x86
17:50:54.0000 2496 Number of processors: 2
17:50:54.0000 2496 Page size: 0x1000
17:50:54.0000 2496 Boot type: Normal boot
17:50:54.0000 2496 ============================================================
17:50:59.0921 2496 Initialize success
17:53:41.0828 2780 ============================================================
17:53:41.0828 2780 Scan started
17:53:41.0828 2780 Mode: Manual; SigCheck; TDLFS;
17:53:41.0828 2780 ============================================================
17:53:42.0453 2780 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:53:42.0625 2780 Aavmker4 - ok
17:53:42.0640 2780 Abiosdsk - ok
17:53:42.0640 2780 abp480n5 - ok
17:53:42.0687 2780 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:53:43.0421 2780 ACPI - ok
17:53:43.0531 2780 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:53:43.0703 2780 ACPIEC - ok
17:53:43.0718 2780 adpu160m - ok
17:53:43.0750 2780 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:53:43.0875 2780 aec - ok
17:53:43.0921 2780 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:53:43.0953 2780 AegisP ( UnsignedFile.Multi.Generic ) - warning
17:53:43.0953 2780 AegisP - detected UnsignedFile.Multi.Generic (1)
17:53:44.0000 2780 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:53:44.0062 2780 AFD - ok
17:53:44.0093 2780 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:53:44.0187 2780 AgereSoftModem - ok
17:53:44.0296 2780 Aha154x - ok
17:53:44.0312 2780 aic78u2 - ok
17:53:44.0328 2780 aic78xx - ok
17:53:44.0343 2780 AliIde - ok
17:53:44.0359 2780 amsint - ok
17:53:44.0406 2780 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:53:44.0531 2780 Arp1394 - ok
17:53:44.0531 2780 asc - ok
17:53:44.0546 2780 asc3350p - ok
17:53:44.0562 2780 asc3550 - ok
17:53:44.0625 2780 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:53:44.0640 2780 aswFsBlk - ok
17:53:44.0656 2780 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
17:53:44.0656 2780 aswMon2 - ok
17:53:44.0687 2780 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
17:53:44.0687 2780 aswRdr - ok
17:53:44.0718 2780 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
17:53:44.0750 2780 aswSnx - ok
17:53:44.0765 2780 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
17:53:44.0781 2780 aswSP - ok
17:53:44.0812 2780 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
17:53:44.0828 2780 aswTdi - ok
17:53:44.0843 2780 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:53:44.0968 2780 AsyncMac - ok
17:53:44.0984 2780 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:53:45.0109 2780 atapi - ok
17:53:45.0109 2780 Atdisk - ok
17:53:45.0171 2780 ati2mtag (221f0a33229cce7bf2f7640d3bb8845d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:53:45.0250 2780 ati2mtag - ok
17:53:45.0406 2780 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:53:45.0531 2780 Atmarpc - ok
17:53:45.0578 2780 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:53:45.0687 2780 audstub - ok
17:53:45.0718 2780 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:53:45.0843 2780 Beep - ok
17:53:45.0875 2780 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:53:46.0015 2780 cbidf2k - ok
17:53:46.0046 2780 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:53:46.0156 2780 CCDECODE - ok
17:53:46.0171 2780 cd20xrnt - ok
17:53:46.0187 2780 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:53:46.0312 2780 Cdaudio - ok
17:53:46.0343 2780 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:53:46.0484 2780 Cdfs - ok
17:53:46.0531 2780 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:53:46.0656 2780 Cdrom - ok
17:53:46.0656 2780 Changer - ok
17:53:46.0687 2780 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:53:46.0812 2780 CmBatt - ok
17:53:46.0828 2780 CmdIde - ok
17:53:46.0843 2780 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:53:46.0953 2780 Compbatt - ok
17:53:46.0968 2780 Cpqarray - ok
17:53:46.0984 2780 dac2w2k - ok
17:53:47.0000 2780 dac960nt - ok
17:53:47.0015 2780 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:53:47.0140 2780 Disk - ok
17:53:47.0171 2780 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
17:53:47.0171 2780 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0171 2780 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
17:53:47.0187 2780 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
17:53:47.0203 2780 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0203 2780 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
17:53:47.0218 2780 DLADResN (f17cfeb7f7e90496931523e5ba11d399) C:\WINDOWS\system32\DLA\DLADResN.SYS
17:53:47.0218 2780 DLADResN ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0218 2780 DLADResN - detected UnsignedFile.Multi.Generic (1)
17:53:47.0234 2780 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
17:53:47.0234 2780 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0234 2780 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
17:53:47.0250 2780 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
17:53:47.0250 2780 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0250 2780 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
17:53:47.0265 2780 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
17:53:47.0281 2780 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0281 2780 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
17:53:47.0296 2780 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
17:53:47.0296 2780 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0296 2780 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
17:53:47.0312 2780 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
17:53:47.0328 2780 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0328 2780 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
17:53:47.0343 2780 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
17:53:47.0343 2780 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0343 2780 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
17:53:47.0390 2780 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:53:47.0562 2780 dmboot - ok
17:53:47.0593 2780 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:53:47.0718 2780 dmio - ok
17:53:47.0750 2780 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:53:47.0875 2780 dmload - ok
17:53:47.0906 2780 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:53:48.0015 2780 DMusic - ok
17:53:48.0031 2780 dpti2o - ok
17:53:48.0046 2780 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:53:48.0171 2780 drmkaud - ok
17:53:48.0187 2780 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
17:53:48.0187 2780 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
17:53:48.0187 2780 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
17:53:48.0203 2780 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
17:53:48.0218 2780 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
17:53:48.0218 2780 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
17:53:48.0234 2780 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:53:48.0281 2780 E100B - ok
17:53:48.0312 2780 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:53:48.0437 2780 Fastfat - ok
17:53:48.0468 2780 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:53:48.0578 2780 Fdc - ok
17:53:48.0609 2780 FINEPIX_PCC (acc6028a7c251080c98c39c180355d37) C:\WINDOWS\system32\Drivers\V4CB0109.SYS
17:53:48.0640 2780 FINEPIX_PCC - ok
17:53:48.0656 2780 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:53:48.0765 2780 Fips - ok
17:53:48.0796 2780 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:53:48.0921 2780 Flpydisk - ok
17:53:48.0953 2780 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:53:49.0062 2780 FltMgr - ok
17:53:49.0109 2780 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:53:49.0234 2780 Fs_Rec - ok
17:53:49.0250 2780 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:53:49.0375 2780 Ftdisk - ok
17:53:49.0390 2780 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:53:49.0515 2780 Gpc - ok
17:53:49.0546 2780 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:53:49.0656 2780 HDAudBus - ok
17:53:49.0687 2780 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:53:49.0812 2780 HidUsb - ok
17:53:49.0828 2780 hpn - ok
17:53:49.0875 2780 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:53:49.0921 2780 HTTP - ok
17:53:49.0937 2780 i2omgmt - ok
17:53:49.0937 2780 i2omp - ok
17:53:49.0968 2780 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:53:50.0093 2780 i8042prt - ok
17:53:50.0140 2780 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:53:50.0218 2780 ialm - ok
17:53:50.0375 2780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:53:50.0500 2780 Imapi - ok
17:53:50.0515 2780 ini910u - ok
17:53:50.0640 2780 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:53:50.0828 2780 IntcAzAudAddService - ok
17:53:50.0937 2780 IntelIde - ok
17:53:50.0984 2780 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:53:51.0109 2780 intelppm - ok
17:53:51.0125 2780 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:53:51.0250 2780 Ip6Fw - ok
17:53:51.0281 2780 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:53:51.0406 2780 IpFilterDriver - ok
17:53:51.0437 2780 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:53:51.0578 2780 IpInIp - ok
17:53:51.0593 2780 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:53:51.0718 2780 IpNat - ok
17:53:51.0750 2780 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:53:51.0859 2780 IPSec - ok
17:53:51.0875 2780 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:53:52.0000 2780 IRENUM - ok
17:53:52.0015 2780 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:53:52.0125 2780 isapnp - ok
17:53:52.0171 2780 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
17:53:52.0187 2780 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
17:53:52.0187 2780 Iviaspi - detected UnsignedFile.Multi.Generic (1)
17:53:52.0203 2780 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:53:52.0312 2780 Kbdclass - ok
17:53:52.0328 2780 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:53:52.0453 2780 kbdhid - ok
17:53:52.0468 2780 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:53:52.0593 2780 kmixer - ok
17:53:52.0640 2780 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:53:52.0671 2780 KSecDD - ok
17:53:52.0687 2780 lbrtfdc - ok
17:53:52.0734 2780 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
17:53:52.0750 2780 MBAMProtector - ok
17:53:52.0812 2780 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
17:53:52.0828 2780 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
17:53:52.0828 2780 MHNDRV - detected UnsignedFile.Multi.Generic (1)
17:53:52.0843 2780 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:53:52.0968 2780 mnmdd - ok
17:53:53.0015 2780 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:53:53.0140 2780 Modem - ok
17:53:53.0156 2780 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:53:53.0281 2780 Mouclass - ok
17:53:53.0312 2780 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:53:53.0421 2780 mouhid - ok
17:53:53.0453 2780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:53:53.0578 2780 MountMgr - ok
17:53:53.0578 2780 mraid35x - ok
17:53:53.0593 2780 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:53:53.0718 2780 MRxDAV - ok
17:53:53.0765 2780 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:53:53.0843 2780 MRxSmb - ok
17:53:53.0859 2780 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:53:53.0968 2780 Msfs - ok
17:53:53.0984 2780 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:53:54.0109 2780 MSKSSRV - ok
17:53:54.0125 2780 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:53:54.0234 2780 MSPCLOCK - ok
17:53:54.0250 2780 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:53:54.0375 2780 MSPQM - ok
17:53:54.0406 2780 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:53:54.0515 2780 mssmbios - ok
17:53:54.0546 2780 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:53:54.0671 2780 MSTEE - ok
17:53:54.0703 2780 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:53:54.0734 2780 Mup - ok
17:53:54.0781 2780 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:53:54.0906 2780 NABTSFEC - ok
17:53:54.0953 2780 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:53:55.0062 2780 NDIS - ok
17:53:55.0093 2780 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:53:55.0203 2780 NdisIP - ok
17:53:55.0250 2780 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:53:55.0265 2780 NdisTapi - ok
17:53:55.0296 2780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:53:55.0406 2780 Ndisuio - ok
17:53:55.0421 2780 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:53:55.0531 2780 NdisWan - ok
17:53:55.0578 2780 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:53:55.0625 2780 NDProxy - ok
17:53:55.0671 2780 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:53:55.0781 2780 NetBIOS - ok
17:53:55.0812 2780 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:53:55.0921 2780 NetBT - ok
17:53:55.0968 2780 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
17:53:55.0984 2780 Netdevio ( UnsignedFile.Multi.Generic ) - warning
17:53:55.0984 2780 Netdevio - detected UnsignedFile.Multi.Generic (1)
17:53:56.0062 2780 NETw3x32 (50f5de54e1d1646c02078f3eddc15a8e) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
17:53:56.0187 2780 NETw3x32 - ok
17:53:56.0328 2780 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:53:56.0453 2780 NIC1394 - ok
17:53:56.0484 2780 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:53:56.0609 2780 Npfs - ok
17:53:56.0625 2780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:53:56.0781 2780 Ntfs - ok
17:53:56.0828 2780 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:53:56.0937 2780 Null - ok
17:53:57.0031 2780 nv (ac5267c71f72fb42511ed5790ba0e9f5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:53:57.0203 2780 nv - ok
17:53:57.0328 2780 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:53:57.0468 2780 NwlnkFlt - ok
17:53:57.0484 2780 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:53:57.0625 2780 NwlnkFwd - ok
17:53:57.0656 2780 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:53:57.0781 2780 ohci1394 - ok
17:53:57.0796 2780 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
17:53:57.0921 2780 Parport - ok
17:53:57.0937 2780 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:53:58.0046 2780 PartMgr - ok
17:53:58.0062 2780 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:53:58.0203 2780 ParVdm - ok
17:53:58.0234 2780 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:53:58.0343 2780 PCI - ok
17:53:58.0343 2780 PCIDump - ok
17:53:58.0359 2780 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:53:58.0484 2780 PCIIde - ok
17:53:58.0500 2780 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:53:58.0625 2780 Pcmcia - ok
17:53:58.0625 2780 PDCOMP - ok
17:53:58.0640 2780 PDFRAME - ok
17:53:58.0656 2780 PDRELI - ok
17:53:58.0671 2780 PDRFRAME - ok
17:53:58.0687 2780 perc2 - ok
17:53:58.0703 2780 perc2hib - ok
17:53:58.0750 2780 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
17:53:58.0765 2780 Pfc ( UnsignedFile.Multi.Generic ) - warning
17:53:58.0765 2780 Pfc - detected UnsignedFile.Multi.Generic (1)
17:53:58.0796 2780 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:53:58.0906 2780 PptpMiniport - ok
17:53:58.0921 2780 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:53:59.0046 2780 PSched - ok
17:53:59.0046 2780 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:53:59.0187 2780 Ptilink - ok
17:53:59.0203 2780 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:53:59.0234 2780 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:53:59.0234 2780 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:53:59.0250 2780 ql1080 - ok
17:53:59.0265 2780 Ql10wnt - ok
17:53:59.0281 2780 ql12160 - ok
17:53:59.0296 2780 ql1240 - ok
17:53:59.0296 2780 ql1280 - ok
17:53:59.0328 2780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:53:59.0453 2780 RasAcd - ok
17:53:59.0468 2780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:53:59.0578 2780 Rasl2tp - ok
17:53:59.0593 2780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:53:59.0718 2780 RasPppoe - ok
17:53:59.0734 2780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:53:59.0859 2780 Raspti - ok
17:53:59.0875 2780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:54:00.0000 2780 Rdbss - ok
17:54:00.0015 2780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:54:00.0140 2780 RDPCDD - ok
17:54:00.0156 2780 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:54:00.0281 2780 rdpdr - ok
17:54:00.0328 2780 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:54:00.0375 2780 RDPWD - ok
17:54:00.0406 2780 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:54:00.0531 2780 redbook - ok
17:54:00.0609 2780 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
17:54:00.0625 2780 s24trans ( UnsignedFile.Multi.Generic ) - warning
17:54:00.0625 2780 s24trans - detected UnsignedFile.Multi.Generic (1)
17:54:00.0671 2780 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:54:00.0781 2780 sdbus - ok
17:54:00.0812 2780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:54:00.0921 2780 Secdrv - ok
17:54:00.0953 2780 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
17:54:01.0078 2780 Serial - ok
17:54:01.0109 2780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:54:01.0218 2780 Sfloppy - ok
17:54:01.0234 2780 Simbad - ok
17:54:01.0265 2780 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:54:01.0390 2780 SLIP - ok
17:54:01.0437 2780 snapman (78f86c54076c58fa1041cd7e1edaf039) C:\WINDOWS\system32\DRIVERS\snapman.sys
17:54:01.0453 2780 snapman ( UnsignedFile.Multi.Generic ) - warning
17:54:01.0453 2780 snapman - detected UnsignedFile.Multi.Generic (1)
17:54:01.0468 2780 Sparrow - ok
17:54:01.0515 2780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:54:01.0625 2780 splitter - ok
17:54:01.0640 2780 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:54:01.0750 2780 sr - ok
17:54:01.0781 2780 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:54:01.0843 2780 Srv - ok
17:54:01.0875 2780 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
17:54:01.0890 2780 StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:54:01.0890 2780 StarOpen - detected UnsignedFile.Multi.Generic (1)
17:54:01.0937 2780 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:54:02.0046 2780 streamip - ok
17:54:02.0078 2780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:54:02.0187 2780 swenum - ok
17:54:02.0203 2780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:54:02.0328 2780 swmidi - ok
17:54:02.0343 2780 symc810 - ok
17:54:02.0359 2780 symc8xx - ok
17:54:02.0375 2780 sym_hi - ok
17:54:02.0390 2780 sym_u3 - ok
17:54:02.0421 2780 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:54:02.0468 2780 SynTP - ok
17:54:02.0484 2780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:54:02.0609 2780 sysaudio - ok
17:54:02.0656 2780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:54:02.0765 2780 Tcpip - ok
17:54:02.0796 2780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:54:02.0921 2780 TDPIPE - ok
17:54:02.0953 2780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:54:03.0078 2780 TDTCP - ok
17:54:03.0093 2780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:54:03.0203 2780 TermDD - ok
17:54:03.0250 2780 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
17:54:03.0281 2780 tifm21 - ok
17:54:03.0328 2780 tifsfilter (8a13353f3bf0b7435ed4e3ac663cfbf3) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
17:54:03.0343 2780 tifsfilter ( UnsignedFile.Multi.Generic ) - warning
17:54:03.0343 2780 tifsfilter - detected UnsignedFile.Multi.Generic (1)
17:54:03.0359 2780 timounter (ba4e56bb49730c7a0ce0b684bb696ac8) C:\WINDOWS\system32\DRIVERS\timntr.sys
17:54:03.0421 2780 timounter ( UnsignedFile.Multi.Generic ) - warning
17:54:03.0421 2780 timounter - detected UnsignedFile.Multi.Generic (1)
17:54:03.0437 2780 TosIde - ok
17:54:03.0453 2780 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
17:54:03.0484 2780 tosrfec ( UnsignedFile.Multi.Generic ) - warning
17:54:03.0484 2780 tosrfec - detected UnsignedFile.Multi.Generic (1)
17:54:03.0531 2780 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
17:54:03.0578 2780 TVALD ( UnsignedFile.Multi.Generic ) - warning
17:54:03.0578 2780 TVALD - detected UnsignedFile.Multi.Generic (1)
17:54:03.0593 2780 Tvs (546dfba6486569120d33f7ad6e94efdd) C:\WINDOWS\system32\DRIVERS\Tvs.sys
17:54:03.0625 2780 Tvs ( UnsignedFile.Multi.Generic ) - warning
17:54:03.0625 2780 Tvs - detected UnsignedFile.Multi.Generic (1)
17:54:03.0656 2780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:54:03.0765 2780 Udfs - ok
17:54:03.0765 2780 ultra - ok
17:54:03.0812 2780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:54:03.0968 2780 Update - ok
17:54:04.0015 2780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:54:04.0125 2780 usbccgp - ok
17:54:04.0140 2780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:54:04.0265 2780 usbehci - ok
17:54:04.0312 2780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:54:04.0421 2780 usbhub - ok
17:54:04.0437 2780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:54:04.0562 2780 usbprint - ok
17:54:04.0578 2780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:54:04.0703 2780 usbscan - ok
17:54:04.0734 2780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:54:04.0843 2780 USBSTOR - ok
17:54:04.0875 2780 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:54:04.0984 2780 usbuhci - ok
17:54:05.0000 2780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:54:05.0109 2780 VgaSave - ok
17:54:05.0125 2780 ViaIde - ok
17:54:05.0140 2780 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:54:05.0265 2780 VolSnap - ok
17:54:05.0296 2780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:54:05.0406 2780 Wanarp - ok
17:54:05.0421 2780 WDICA - ok
17:54:05.0453 2780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:54:05.0578 2780 wdmaud - ok
17:54:05.0640 2780 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:54:05.0765 2780 WSTCODEC - ok
17:54:05.0812 2780 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:54:05.0859 2780 WudfPf - ok
17:54:05.0890 2780 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:54:05.0921 2780 WudfRd - ok
17:54:05.0968 2780 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
17:54:06.0000 2780 X10Hid - ok
17:54:06.0031 2780 MBR (0x1B8) (8c8ba10e36bff9b7662bf975ca546361) \Device\Harddisk0\DR0
17:54:06.0531 2780 \Device\Harddisk0\DR0 - ok
17:54:06.0546 2780 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR5
17:54:06.0703 2780 \Device\Harddisk1\DR5 - ok
17:54:06.0718 2780 Boot (0x1200) (2451973adb514123018471c881e89776) \Device\Harddisk0\DR0\Partition0
17:54:06.0718 2780 \Device\Harddisk0\DR0\Partition0 - ok
17:54:06.0750 2780 Boot (0x1200) (14af69c61b43df8902b6ec2a78887883) \Device\Harddisk0\DR0\Partition1
17:54:06.0750 2780 \Device\Harddisk0\DR0\Partition1 - ok
17:54:06.0765 2780 Boot (0x1200) (b5c0a5ba1ca1f686b3f36ed3c9d01f1d) \Device\Harddisk0\DR0\Partition2
17:54:06.0765 2780 \Device\Harddisk0\DR0\Partition2 - ok
17:54:06.0765 2780 Boot (0x1200) (f4c36cafd50262e101fac2d00ddbe2ac) \Device\Harddisk1\DR5\Partition0
17:54:06.0765 2780 \Device\Harddisk1\DR5\Partition0 - ok
17:54:06.0765 2780 ============================================================
17:54:06.0765 2780 Scan finished
17:54:06.0765 2780 ============================================================
17:54:06.0906 3560 Detected object count: 25
17:54:06.0906 3560 Actual detected object count: 25
21:05:25.0156 3560 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0156 3560 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0156 3560 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0156 3560 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0156 3560 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0156 3560 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0156 3560 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0156 3560 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0156 3560 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0156 3560 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0171 3560 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0171 3560 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0171 3560 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0171 3560 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0171 3560 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0171 3560 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0171 3560 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0171 3560 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0171 3560 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0171 3560 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0171 3560 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0171 3560 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0171 3560 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0171 3560 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0171 3560 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0171 3560 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0187 3560 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0187 3560 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0187 3560 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0187 3560 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0187 3560 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0187 3560 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0187 3560 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0187 3560 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0187 3560 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0187 3560 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0203 3560 snapman ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0203 3560 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0203 3560 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0203 3560 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0203 3560 tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0203 3560 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0203 3560 timounter ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0203 3560 timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0203 3560 tosrfec ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0203 3560 tosrfec ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0203 3560 TVALD ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0203 3560 TVALD ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0203 3560 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:25.0203 3560 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
23.12.2011, 21:22
| #27 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2011, 11:19
| #28 |
| | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll hier die Log-Datei von Combifix: [code] Combofix Logfile: Code:
ATTFilter ComboFix 11-12-26.03 - Anke 27.12.2011 10:56:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1022.592 [GMT 1:00]
ausgeführt von:: e:\dokumente und einstellungen\Anke\Eigene Dateien\Notebook\Software\Windows_XP neu installieren - Downloads\Trojaner Board\Combofix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\dokumente und einstellungen\Anke\WINDOWS
c:\dokumente und einstellungen\Default User\WINDOWS
c:\dokumente und einstellungen\Internet\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\kb913800.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-27 bis 2011-12-27 ))))))))))))))))))))))))))))))
.
.
2011-12-21 22:29 . 2011-12-21 22:29 -------- d-----w- c:\programme\ESET
2011-12-21 21:16 . 2011-12-21 21:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-21 21:15 . 2011-12-21 21:15 -------- d-----w- c:\dokumente und einstellungen\Anke\Anwendungsdaten\Malwarebytes
2011-12-21 21:14 . 2011-12-21 21:14 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-12-21 21:14 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-21 21:12 . 2011-12-21 21:12 -------- d-----w- c:\windows\Internet Logs
2011-12-17 16:07 . 2011-12-17 16:07 388096 ----a-r- c:\dokumente und einstellungen\Internet\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 13:27 . 2011-07-29 19:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-07-29 18:13 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-07-29 18:13 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-07-29 18:13 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-07-29 18:14 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-07-29 18:13 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-07-29 18:13 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-07-29 18:13 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-07-29 18:13 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-07-29 18:14 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-07-29 18:13 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-23 14:40 . 2006-09-13 14:41 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 04:54 . 2011-07-29 18:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2011-07-29 18:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-01 16:07 . 2006-09-13 14:40 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:36 . 2006-09-13 14:41 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:36 . 2006-09-13 14:40 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:36 . 2006-09-13 14:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:36 . 2006-09-13 14:40 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2006-09-13 14:40 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2006-09-13 14:40 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2004-08-04 00:50 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-14 16:38 . 2006-09-13 14:40 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2006-09-13 14:54 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- d:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"nwiz"="nwiz.exe" [2006-05-01 1519616]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 16206848]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 88204]
"THotkey"="c:\programme\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\programme\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2005-05-13 118784]
"TFncKy"="TFncKy.exe" [BU]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"avast"="d:\programme\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"TrueImageMonitor.exe"="d:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-09-21 1176768]
"AcronisTimounterMonitor"="d:\programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-09-21 1949912]
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2006-09-21 82832]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"REGSHAVE"="c:\programme\REGSHAVE\REGSHAVE.EXE" [2002-01-21 53248]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"Malwarebytes' Anti-Malware"="d:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Internet\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - d:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\dokumente und einstellungen\Anke\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - d:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Exif Launcher.lnk - d:\programme\FinePixViewer\QuickDCF.exe [2011-8-16 200704]
Windows-Desktopsuche.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29.07.2011 19:13 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.07.2011 19:14 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.07.2011 19:14 20568]
R2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [21.12.2011 22:14 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21.12.2011 22:14 22216]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [14.09.2006 12:50 7040]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = hxxp://g.msn.de/8SEDEDE020600TBR/InstallTBSite
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: &MSN Suche - c:\programme\MSN Toolbar Suite\msntb.dll/search.htm
IE: In neuer Registerkarte im Hintergrund öffnen - c:\programme\MSN Toolbar Suite\de-de\msntabres.dll.mui/229?179e8bc44eb34a0686cdf87aca9c5169
IE: In neuer Registerkarte im Vordergrund öffnen - c:\programme\MSN Toolbar Suite\de-de\msntabres.dll.mui/230?179e8bc44eb34a0686cdf87aca9c5169
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\dokumente und einstellungen\Anke\Anwendungsdaten\Mozilla\Firefox\Profiles\h6ymivw5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm-Sicherheit Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe
AddRemove-Power Saver - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-27 11:09
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1160)
c:\windows\system32\relog_ap.dll
.
Zeit der Fertigstellung: 2011-12-27 11:14:25
ComboFix-quarantined-files.txt 2011-12-27 10:14
.
Vor Suchlauf: 10 Verzeichnis(se), 36.757.393.408 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 36.767.113.216 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F93DE6336A293245D1E4A756D4E83D8A
Danke |
|
27.12.2011, 16:52
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2011, 20:45
| #30 |
| | avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll GMER ist andauernd abgeschmiert... hier die Log-Datei von OSAM: Code:
ATTFilter OSAM Logfile: aswMBR gehe ich jetzt an Danke |
|
| Themen zu avast! Free Antivirus meldet Virus gefunden C:\Programme\Windows Desktop Search\mssmsg.dll |
| adobe, antivirus, avast, bho, canon, cdburnerxp, checkpoint, dateien, desktop, explorer, firefox, hijack, hijackthis, hintergrund, hkus\s-1-5-18, internet, internet explorer, log-file, logfile, microsoft, mozilla, mozilla thunderbird, nvidia, plug-in, programme, registry, rundll, security, suche, windows, windows xp |
Linear-Darstellung
