
Plagegeister aller Art und deren Bekämpfung: Attention! For security reasons your Windows system has been blocked ("Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert")

19.12.2011, 23:26   #1
Xpert85

Good day, like so many here I have this problem too. I have never really had any major problems with trojans or viruses before and would like to ask you for help. So far I have not done anything (OTL) or the like. Edit: operating system Win 7

I am currently online with Firefox in safe mode. You can take your time answering; I won't be looking in again before 4 pm tomorrow anyway.

Thanks in advance for the help!

Regards
Xpert

Edited by Xpert85 (19.12.2011 at 23:35) Reason: operating system Win 7

20.12.2011, 07:52   #2
Chris4You

Hi,

Download OTL and copy it to a USB stick, then boot the computer in safe mode with command prompt (press F8 while booting).
Then copy OTL.exe from the stick to the computer (copy E:\OTL.EXE .) (if E is your USB stick). Run OTL, copy the logs back and post them here...
Important: You must boot with the infected account!

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

chris

20.12.2011, 17:21   #3
Xpert85

Good day,

I downloaded OTL and restarted, then I shut down and started the infected account... Windows performed an automatic repair... Now I can get back into my normal Windows... I am currently online with the account that no longer worked yesterday... What should I do now? Do you still need OTL?

20.12.2011, 17:36   #4
Chris4You

Hi,

yes, to check whether everything has really been removed...

Then also run MAM... and post that log as well

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
After that, please update the signature files ("Update" tab -> "Suche nach Aktualisierungen", i.e. check for updates)
Run a full scan and have everything cleaned! Post the log.

chris

20.12.2011, 18:31   #5
Xpert85

Here is the Malwarebytes log... Can I restart now and run OTL, or do I do that without a restart?


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8403

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

20.12.2011 18:29:59
mbam-log-2011-12-20 (18-29-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 387333
Laufzeit: 33 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Xpert85\AppData\Local\Temp\5171.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Xpert85\AppData\Local\Temp\323390.uninstall\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Xpert85\AppData\Local\Temp\icreinstall\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Xpert85\downloads\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.


20.12.2011, 18:35   #6
Chris4You

Hi,

restart and then run OTL and post the log...
Since a dropper was involved, additionally:

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Extract all files into a separate directory (e.g. C:\TDSS)!
Start it from Explorer by double-clicking TDSSKiller.exe.
After starting, a window appears; choose "Start Scan" there.
When the scan is finished, please select "Report". A window opens; copy the text and post it here...

chris

20.12.2011, 18:55   #7
Xpert85

Log 1
OTL Logfile:
Code:
OTL logfile created on: 20.12.2011 18:50:49 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Xpert85\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 75,34% Memory free
11,98 Gb Paging File | 9,83 Gb Available in Paging File | 82,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 314,86 Gb Free Space | 69,06% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 81,12 Gb Free Space | 17,77% Space Free | Partition Type: NTFS
Drive E: | 276,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 3,73 Gb Total Space | 0,21 Gb Free Space | 5,59% Space Free | Partition Type: FAT32
 
Computer Name: XPERT85-PC | User Name: Xpert85 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Xpert85\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe ()
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe (North Star com.)
PRC - C:\OEM\USBDECTION\USBS3S4Detection.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Packard Bell\Software Suite SE\SEDevDetect.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
MOD - C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyHook.dll ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\Packard Bell\Software Suite SE\sqlite3.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe (Portrait Displays, Inc.)
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (LVUVC64) Logitech HD Webcam C270(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ipower_g5800&r=17360311h306pe495v185y57812715
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ipower_g5800&r=17360311h306pe495v185y57812715
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ipower_g5800&r=17360311h306pe495v185y57812715
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ipower_g5800&r=17360311h306pe495v185y57812715
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ipower_g5800&r=17360311h306pe495v185y57812715
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.2.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.12 21:36:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.26 21:33:30 | 000,000,000 | ---D | M]
 
[2011.03.09 18:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xpert85\AppData\Roaming\mozilla\Extensions
[2011.12.20 17:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xpert85\AppData\Roaming\mozilla\Firefox\Profiles\2jsgiqei.default\extensions
[2011.12.20 17:18:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Xpert85\AppData\Roaming\mozilla\Firefox\Profiles\2jsgiqei.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.11 05:20:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Xpert85\AppData\Roaming\mozilla\Firefox\Profiles\2jsgiqei.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.12 16:55:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Xpert85\AppData\Roaming\mozilla\Firefox\Profiles\2jsgiqei.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.12 21:36:37 | 000,000,950 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin-1.xml
[2011.12.13 22:00:37 | 000,000,950 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin-2.xml
[2011.07.15 12:45:57 | 000,000,950 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin-3.xml
[2011.09.01 14:45:04 | 000,000,950 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin-4.xml
[2011.09.01 14:46:33 | 000,000,950 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin-5.xml
[2011.09.26 21:33:38 | 000,000,950 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin-6.xml
[2011.09.27 20:05:08 | 000,000,950 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin-7.xml
[2011.09.29 15:22:30 | 000,000,950 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin-8.xml
[2011.10.05 15:25:25 | 000,000,950 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin-9.xml
[2011.11.27 12:03:28 | 000,000,168 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin.gif
[2011.11.27 12:03:28 | 000,000,618 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin.src
[2011.05.03 16:53:38 | 000,001,056 | ---- | M] () -- C:\Users\Xpert85\AppData\Roaming\Mozilla\Firefox\Profiles\2jsgiqei.default\searchplugins\icqplugin.xml
[2011.12.20 18:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.20 18:48:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\XPERT85\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2JSGIQEI.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2011.11.12 21:36:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 16:39:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 16:39:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.03 16:39:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 16:39:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 16:39:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 16:39:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Software Suite SE] C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe (Acer Incorporated)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEA740B7-07FD-41A5-B61E-F7872F21324B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.31 01:19:38 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6f5467c3-4d6c-11e0-a58d-4487fcf9c0c5}\Shell - "" = AutoRun
O33 - MountPoints2\{6f5467c3-4d6c-11e0-a58d-4487fcf9c0c5}\Shell\AutoRun\command - "" = L:\setup.exe
O33 - MountPoints2\{920c5b18-cc41-11df-a9f6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{920c5b18-cc41-11df-a9f6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\S273HL.exe -- [2010.06.17 12:39:56 | 005,782,406 | R--- | M] (Adobe Systems, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.20 18:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.20 18:48:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.12.20 18:48:06 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.12.20 18:48:06 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.12.20 16:49:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Xpert85\Desktop\OTL.exe
[2011.12.11 22:10:11 | 000,000,000 | R--D | C] -- C:\Users\Xpert85\Documents\Notes
[2011.12.11 17:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.11 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Xpert85\Desktop\College
[2011.12.01 18:21:51 | 000,000,000 | ---D | C] -- C:\Users\Xpert85\Desktop\document.php3-Dateien
[2011.11.29 17:51:47 | 000,000,000 | ---D | C] -- C:\Users\Xpert85\AppData\Roaming\DisplayTune
[2011.11.29 17:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer eDisplay Management
[2011.11.29 17:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Portrait Displays
[2011.11.29 17:47:59 | 000,020,592 | ---- | C] (Portrait Displays, Inc.) -- C:\Windows\SysNative\drivers\PdiPorts.sys
[2011.11.29 17:47:56 | 001,392,671 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvbvm60.dll
[2011.11.29 17:47:56 | 001,105,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\mfc80.dll
[2011.11.29 17:47:56 | 001,093,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\mfc80u.dll
[2011.11.29 17:47:56 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\mfc70.dll
[2011.11.29 17:47:56 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcr80.dll
[2011.11.29 17:47:56 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcp80.dll
[2011.11.29 17:47:56 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcp70.dll
[2011.11.29 17:47:56 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcm80.dll
[2011.11.29 17:47:56 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Windows\ijl15.dll
[2011.11.29 17:47:56 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcr70.dll
[2011.11.29 17:47:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\atl80.dll
[2011.11.29 17:47:56 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\mfcm80.dll
[2011.11.29 17:47:56 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\mfcm80u.dll
[2011.11.29 17:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Portrait Displays
[2011.11.29 17:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Display
[2011.11.28 23:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam
[2011.11.28 23:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Croteam
[2011.11.28 23:15:41 | 000,000,000 | ---D | C] -- C:\Users\Xpert85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2011.11.28 23:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2011.11.28 23:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serious Sam 2
[2011.11.24 19:29:59 | 000,000,000 | ---D | C] -- C:\Users\Xpert85\Documents\Orcs Must Die
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.20 18:44:43 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.20 18:44:43 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.20 18:37:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.20 18:37:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.20 18:36:57 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.20 18:04:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.20 17:54:37 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 16:45:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Xpert85\Desktop\OTL.exe
[2011.12.15 23:03:16 | 000,023,208 | ---- | M] () -- C:\Users\Xpert85\Desktop\one-piece-ps3.jpg
[2011.12.15 22:43:24 | 000,056,204 | ---- | M] () -- C:\Users\Xpert85\Desktop\383736_244698368930237_100001702266788_646534_270748640_n.jpg
[2011.12.11 22:10:07 | 000,004,544 | ---- | M] () -- C:\Users\Xpert85\Desktop\Neues Journal-Dokument.jnt
[2011.12.11 17:02:27 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.07 17:54:43 | 315,134,289 | ---- | M] () -- C:\Users\Xpert85\Desktop\658101_spring_break_party_f70.flv
[2011.12.04 22:44:00 | 000,014,987 | ---- | M] () -- C:\Users\Xpert85\Desktop\green_goose.gif
[2011.12.04 22:38:08 | 000,018,416 | ---- | M] () -- C:\Users\Xpert85\Desktop\index3.html
[2011.12.01 18:21:52 | 000,081,558 | ---- | M] () -- C:\Users\Xpert85\Desktop\document.php3.htm
[2011.11.29 18:48:45 | 000,722,786 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.29 18:48:45 | 000,641,808 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.29 18:48:45 | 000,152,858 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.29 18:48:45 | 000,126,678 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.29 18:48:45 | 000,005,598 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.29 17:48:30 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Acer eDisplay Management.lnk
[2011.11.28 23:37:44 | 000,000,136 | ---- | M] () -- C:\Users\Xpert85\Desktop\Serious Sam - Verknüpfung.lnk
[2011.11.28 23:15:41 | 000,001,118 | ---- | M] () -- C:\Users\Xpert85\Desktop\Serious Sam 2.lnk
[2011.11.24 18:18:38 | 000,000,222 | ---- | M] () -- C:\Users\Xpert85\Desktop\Orcs Must Die!.url
[2011.11.22 17:28:02 | 001,176,662 | ---- | M] () -- C:\Users\Xpert85\Desktop\IMAG0028.jpg
[2011.11.21 04:54:12 | 2028,088,631 | ---- | M] () -- C:\Users\Xpert85\Desktop\WWE.Survivor.Series.2011.HDTV.x264-EViLCREW.mp4
 
========== Files Created - No Company Name ==========
 
[2011.12.20 17:54:37 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.15 23:03:16 | 000,023,208 | ---- | C] () -- C:\Users\Xpert85\Desktop\one-piece-ps3.jpg
[2011.12.15 22:43:23 | 000,056,204 | ---- | C] () -- C:\Users\Xpert85\Desktop\383736_244698368930237_100001702266788_646534_270748640_n.jpg
[2011.12.11 22:10:07 | 000,004,544 | ---- | C] () -- C:\Users\Xpert85\Desktop\Neues Journal-Dokument.jnt
[2011.12.07 16:51:23 | 315,134,289 | ---- | C] () -- C:\Users\Xpert85\Desktop\658101_spring_break_party_f70.flv
[2011.12.04 22:43:59 | 000,014,987 | ---- | C] () -- C:\Users\Xpert85\Desktop\green_goose.gif
[2011.12.04 22:38:07 | 000,018,416 | ---- | C] () -- C:\Users\Xpert85\Desktop\index3.html
[2011.12.01 18:21:51 | 000,081,558 | ---- | C] () -- C:\Users\Xpert85\Desktop\document.php3.htm
[2011.11.29 17:48:30 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Acer eDisplay Management.lnk
[2011.11.29 17:48:16 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2011.11.29 17:47:59 | 000,007,233 | ---- | C] () -- C:\pdiports.cat
[2011.11.29 17:47:59 | 000,002,853 | ---- | C] () -- C:\pdiports64.inf
[2011.11.28 23:37:44 | 000,000,136 | ---- | C] () -- C:\Users\Xpert85\Desktop\Serious Sam - Verknüpfung.lnk
[2011.11.28 23:15:41 | 000,001,118 | ---- | C] () -- C:\Users\Xpert85\Desktop\Serious Sam 2.lnk
[2011.11.24 18:18:38 | 000,000,222 | ---- | C] () -- C:\Users\Xpert85\Desktop\Orcs Must Die!.url
[2011.11.22 16:31:30 | 001,176,662 | ---- | C] () -- C:\Users\Xpert85\Desktop\IMAG0028.jpg
[2011.11.21 19:28:09 | 2028,088,631 | ---- | C] () -- C:\Users\Xpert85\Desktop\WWE.Survivor.Series.2011.HDTV.x264-EViLCREW.mp4
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.05.13 17:22:43 | 000,001,122 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.13 14:16:44 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.13 14:12:50 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.13 14:12:49 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.03.13 14:12:49 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.09 18:10:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Users\Xpert85\Desktop\MushiFlo & Scher ft. Ikko Frisch - FICKEN GELD DROGEN NUTTEN.mpg:SummaryInformation

< End of report >
         
--- --- ---


Log 2

OTL Logfile:
Code:
OTL Extras logfile created on: 20.12.2011 18:50:56 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Xpert85\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 75,34% Memory free
11,98 Gb Paging File | 9,83 Gb Available in Paging File | 82,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 314,86 Gb Free Space | 69,06% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 81,12 Gb Free Space | 17,77% Space Free | Partition Type: NTFS
Drive E: | 276,02 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 3,73 Gb Total Space | 0,21 Gb Free Space | 5,59% Space Free | Partition Type: FAT32
 
Computer Name: XPERT85-PC | User Name: Xpert85 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Pro Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}" = Duty Calls
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{733C5FC0-F0C4-405B-A983-61C24CC60E39}_is1" = Photo Frame
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: Der erste Kontakt
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8af0a855-8811-42b5-8f56-a9f856b2bf75}" = Nero 9 Essentials
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97B4DF0B-7499-455F-AFBA-F70F64D6D86A}" = SweetIM for Messenger 3.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"Free FLV Converter_is1" = Free FLV Converter V 6.98.0
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Hotkey Utility" = Hotkey Utility
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"JDownloader" = JDownloader
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaCoder" = MediaCoder 2011
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Software Suite SE" = Packard Bell Software Suite SE
"Packard Bell Welcome Center" = Welcome Center
"PriceGong" = PriceGong 2.5.1
"PunkBusterSvc" = PunkBuster Services
"SeriousSam2" = Serious Sam 2
"Steam App 10" = Counter-Strike
"Steam App 102600" = Orcs Must Die!
"Steam App 107100" = Bastion
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 57900" = Duke Nukem Forever
"Steam App 60" = Ricochet
"Steam App 71230" = Crazy Taxi
"Steam App 71240" = SEGA Bass Fishing
"Steam App 71250" = Sonic Adventure DX
"Steam App 71260" = Space Channel 5: Part 2
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.11
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WT078791" = Bejeweled 2 Deluxe
"WT078806" = Insaniquarium Deluxe
"WT078833" = Zuma Deluxe
"WT078960" = Blasterball 3
"WT078964" = Bob the Builder Can-Do-Zoo
"WT079020" = Faerie Solitaire
"WT079024" = FATE - The Traitor Soul
"WT079064" = Jewel Quest
"WT079068" = Jewel Quest Solitaire 3
"WT079108" = Penguins!
"WT079116" = Polar Bowler
"WT079120" = Polar Golfer
"WT079124" = Polar Pool
"WT079177" = Virtual Villagers - A New Home
"WT079184" = Yahtzee
"WT079363" = Build-a-lot 2
"WT079366" = Chicken Invaders 3 - Revenge of the Yolk
"WT079395" = Escape Rosecliff Island
"WT079397" = Mahjongg Artifacts
"WT079421" = Virtual Families
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.11.2011 13:48:42 | Computer Name = Xpert85-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 30.11.2011 00:30:30 | Computer Name = Xpert85-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 30.11.2011 00:31:39 | Computer Name = Xpert85-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 30.11.2011 00:31:48 | Computer Name = Xpert85-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 30.11.2011 20:01:29 | Computer Name = Xpert85-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 30.11.2011 20:02:17 | Computer Name = Xpert85-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 30.11.2011 20:02:24 | Computer Name = Xpert85-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.12.2011 08:53:33 | Computer Name = Xpert85-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.12.2011 08:54:40 | Computer Name = Xpert85-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 02.12.2011 08:54:50 | Computer Name = Xpert85-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 07.08.2011 12:26:35 | Computer Name = Xpert85-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 07.08.2011 12:26:35 | Computer Name = Xpert85-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 03.09.2011 11:29:34 | Computer Name = Xpert85-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 03.09.2011 11:29:35 | Computer Name = Xpert85-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 03.09.2011 11:29:35 | Computer Name = Xpert85-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 03.09.2011 11:29:36 | Computer Name = Xpert85-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 07.09.2011 12:46:21 | Computer Name = Xpert85-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 07.09.2011 12:46:21 | Computer Name = Xpert85-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 11.09.2011 10:44:55 | Computer Name = Xpert85-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 11.09.2011 10:44:55 | Computer Name = Xpert85-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---

Alt 20.12.2011, 19:01   #8
Xpert85
 
Here is the TDSS log as well:

18:59:31.0147 2368 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:59:32.0956 2368 ============================================================
18:59:32.0956 2368 Current date / time: 2011/12/20 18:59:32.0956
18:59:32.0956 2368 SystemInfo:
18:59:32.0956 2368
18:59:32.0956 2368 OS Version: 6.1.7601 ServicePack: 1.0
18:59:32.0956 2368 Product type: Workstation
18:59:32.0956 2368 ComputerName: XPERT85-PC
18:59:32.0956 2368 UserName: Xpert85
18:59:32.0956 2368 Windows directory: C:\Windows
18:59:32.0956 2368 System windows directory: C:\Windows
18:59:32.0956 2368 Running under WOW64
18:59:32.0956 2368 Processor architecture: Intel x64
18:59:32.0956 2368 Number of processors: 8
18:59:32.0956 2368 Page size: 0x1000
18:59:32.0956 2368 Boot type: Normal boot
18:59:32.0956 2368 ============================================================
18:59:53.0592 2368 Initialize success
19:00:09.0753 3500 ============================================================
19:00:09.0753 3500 Scan started
19:00:09.0753 3500 Mode: Manual;
19:00:09.0753 3500 ============================================================
19:00:10.0400 3500 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:00:10.0404 3500 1394ohci - ok
19:00:10.0445 3500 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:00:10.0450 3500 ACPI - ok
19:00:10.0470 3500 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:00:10.0471 3500 AcpiPmi - ok
19:00:10.0573 3500 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:00:10.0579 3500 adp94xx - ok
19:00:10.0640 3500 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:00:10.0645 3500 adpahci - ok
19:00:10.0666 3500 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:00:10.0669 3500 adpu320 - ok
19:00:10.0768 3500 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:00:10.0775 3500 AFD - ok
19:00:10.0845 3500 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
19:00:10.0861 3500 AgereSoftModem - ok
19:00:10.0937 3500 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:00:10.0939 3500 agp440 - ok
19:00:11.0002 3500 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:00:11.0002 3500 aliide - ok
19:00:11.0034 3500 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:00:11.0035 3500 amdide - ok
19:00:11.0089 3500 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:00:11.0091 3500 AmdK8 - ok
19:00:11.0107 3500 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:00:11.0108 3500 AmdPPM - ok
19:00:11.0168 3500 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:00:11.0170 3500 amdsata - ok
19:00:11.0195 3500 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:00:11.0198 3500 amdsbs - ok
19:00:11.0247 3500 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:00:11.0248 3500 amdxata - ok
19:00:11.0313 3500 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:00:11.0315 3500 AppID - ok
19:00:11.0417 3500 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:00:11.0419 3500 arc - ok
19:00:11.0451 3500 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:00:11.0453 3500 arcsas - ok
19:00:11.0504 3500 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:00:11.0505 3500 AsyncMac - ok
19:00:11.0597 3500 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:00:11.0598 3500 atapi - ok
19:00:11.0653 3500 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
19:00:11.0654 3500 avgntflt - ok
19:00:11.0698 3500 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
19:00:11.0699 3500 avipbb - ok
19:00:11.0785 3500 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:00:11.0791 3500 b06bdrv - ok
19:00:11.0853 3500 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:00:11.0857 3500 b57nd60a - ok
19:00:11.0948 3500 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:00:11.0949 3500 Beep - ok
19:00:12.0005 3500 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:00:12.0006 3500 blbdrive - ok
19:00:12.0048 3500 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:00:12.0050 3500 bowser - ok
19:00:12.0101 3500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:00:12.0102 3500 BrFiltLo - ok
19:00:12.0112 3500 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:00:12.0112 3500 BrFiltUp - ok
19:00:12.0176 3500 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:00:12.0180 3500 Brserid - ok
19:00:12.0195 3500 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:00:12.0197 3500 BrSerWdm - ok
19:00:12.0251 3500 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:00:12.0252 3500 BrUsbMdm - ok
19:00:12.0263 3500 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:00:12.0263 3500 BrUsbSer - ok
19:00:12.0278 3500 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:00:12.0280 3500 BTHMODEM - ok
19:00:12.0337 3500 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:00:12.0339 3500 cdfs - ok
19:00:12.0413 3500 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:00:12.0415 3500 cdrom - ok
19:00:12.0442 3500 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:00:12.0443 3500 circlass - ok
19:00:12.0475 3500 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:00:12.0480 3500 CLFS - ok
19:00:12.0578 3500 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:00:12.0579 3500 CmBatt - ok
19:00:12.0612 3500 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:00:12.0613 3500 cmdide - ok
19:00:12.0667 3500 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
19:00:12.0673 3500 CNG - ok
19:00:12.0740 3500 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:00:12.0741 3500 Compbatt - ok
19:00:12.0785 3500 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:00:12.0786 3500 CompositeBus - ok
19:00:12.0822 3500 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:00:12.0823 3500 crcdisk - ok
19:00:12.0924 3500 dc3d (7f61fbe259c18666d8ddf862f13a5eb0) C:\Windows\system32\DRIVERS\dc3d.sys
19:00:12.0925 3500 dc3d - ok
19:00:12.0969 3500 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:00:12.0971 3500 DfsC - ok
19:00:13.0014 3500 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:00:13.0015 3500 discache - ok
19:00:13.0075 3500 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:00:13.0076 3500 Disk - ok
19:00:13.0113 3500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:00:13.0114 3500 drmkaud - ok
19:00:13.0174 3500 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:00:13.0183 3500 DXGKrnl - ok
19:00:13.0293 3500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:00:13.0322 3500 ebdrv - ok
19:00:13.0425 3500 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:00:13.0432 3500 elxstor - ok
19:00:13.0483 3500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:00:13.0484 3500 ErrDev - ok
19:00:13.0520 3500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:00:13.0523 3500 exfat - ok
19:00:13.0559 3500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:00:13.0562 3500 fastfat - ok
19:00:13.0633 3500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:00:13.0634 3500 fdc - ok
19:00:13.0701 3500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:00:13.0703 3500 FileInfo - ok
19:00:13.0719 3500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:00:13.0720 3500 Filetrace - ok
19:00:13.0791 3500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:00:13.0792 3500 flpydisk - ok
19:00:13.0825 3500 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:00:13.0829 3500 FltMgr - ok
19:00:13.0854 3500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:00:13.0856 3500 FsDepends - ok
19:00:13.0883 3500 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:00:13.0884 3500 Fs_Rec - ok
19:00:13.0970 3500 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:00:13.0974 3500 fvevol - ok
19:00:14.0024 3500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:00:14.0025 3500 gagp30kx - ok
19:00:14.0133 3500 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:00:14.0135 3500 hcw85cir - ok
19:00:14.0169 3500 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:00:14.0174 3500 HdAudAddService - ok
19:00:14.0198 3500 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:00:14.0199 3500 HDAudBus - ok
19:00:14.0218 3500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:00:14.0219 3500 HidBatt - ok
19:00:14.0240 3500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:00:14.0242 3500 HidBth - ok
19:00:14.0311 3500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:00:14.0313 3500 HidIr - ok
19:00:14.0356 3500 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
19:00:14.0357 3500 HidUsb - ok
19:00:14.0397 3500 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:00:14.0399 3500 HpSAMD - ok
19:00:14.0499 3500 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:00:14.0509 3500 HTTP - ok
19:00:14.0555 3500 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:00:14.0556 3500 hwpolicy - ok
19:00:14.0645 3500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:00:14.0647 3500 i8042prt - ok
19:00:14.0701 3500 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
19:00:14.0705 3500 iaStor - ok
19:00:14.0799 3500 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:00:14.0805 3500 iaStorV - ok
19:00:14.0902 3500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:00:14.0903 3500 iirsp - ok
19:00:14.0985 3500 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys
19:00:15.0003 3500 IntcAzAudAddService - ok
19:00:15.0084 3500 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:00:15.0085 3500 intelide - ok
19:00:15.0117 3500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:00:15.0118 3500 intelppm - ok
19:00:15.0172 3500 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:00:15.0174 3500 IpFilterDriver - ok
19:00:15.0238 3500 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:00:15.0240 3500 IPMIDRV - ok
19:00:15.0270 3500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:00:15.0273 3500 IPNAT - ok
19:00:15.0307 3500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:00:15.0308 3500 IRENUM - ok
19:00:15.0332 3500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:00:15.0333 3500 isapnp - ok
19:00:15.0393 3500 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:00:15.0397 3500 iScsiPrt - ok
19:00:15.0422 3500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:00:15.0423 3500 kbdclass - ok
19:00:15.0459 3500 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:00:15.0460 3500 kbdhid - ok
19:00:15.0553 3500 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
19:00:15.0555 3500 KSecDD - ok
19:00:15.0594 3500 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
19:00:15.0597 3500 KSecPkg - ok
19:00:15.0621 3500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:00:15.0622 3500 ksthunk - ok
19:00:15.0709 3500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:00:15.0710 3500 lltdio - ok
19:00:15.0752 3500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:00:15.0754 3500 LSI_FC - ok
19:00:15.0786 3500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:00:15.0788 3500 LSI_SAS - ok
19:00:15.0802 3500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:00:15.0803 3500 LSI_SAS2 - ok
19:00:15.0856 3500 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:00:15.0858 3500 LSI_SCSI - ok
19:00:15.0894 3500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:00:15.0896 3500 luafv - ok
19:00:15.0944 3500 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
19:00:15.0947 3500 LVRS64 - ok
19:00:16.0112 3500 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
19:00:16.0128 3500 LVUVC64 - ok
19:00:16.0214 3500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:00:16.0215 3500 megasas - ok
19:00:16.0247 3500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:00:16.0251 3500 MegaSR - ok
19:00:16.0279 3500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:00:16.0279 3500 Modem - ok
19:00:16.0307 3500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:00:16.0308 3500 monitor - ok
19:00:16.0378 3500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
19:00:16.0378 3500 mouclass - ok
19:00:16.0425 3500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:00:16.0427 3500 mouhid - ok
19:00:16.0474 3500 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:00:16.0476 3500 mountmgr - ok
19:00:16.0541 3500 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:00:16.0544 3500 mpio - ok
19:00:16.0567 3500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:00:16.0569 3500 mpsdrv - ok
19:00:16.0607 3500 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:00:16.0609 3500 MRxDAV - ok
19:00:16.0645 3500 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:00:16.0647 3500 mrxsmb - ok
19:00:16.0719 3500 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:00:16.0723 3500 mrxsmb10 - ok
19:00:16.0739 3500 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:00:16.0742 3500 mrxsmb20 - ok
19:00:16.0786 3500 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:00:16.0787 3500 msahci - ok
19:00:16.0855 3500 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:00:16.0858 3500 msdsm - ok
19:00:16.0903 3500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:00:16.0904 3500 Msfs - ok
19:00:16.0932 3500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:00:16.0933 3500 mshidkmdf - ok
19:00:16.0978 3500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:00:16.0979 3500 msisadrv - ok
19:00:17.0020 3500 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:00:17.0021 3500 MSKSSRV - ok
19:00:17.0044 3500 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:00:17.0045 3500 MSPCLOCK - ok
19:00:17.0057 3500 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:00:17.0057 3500 MSPQM - ok
19:00:17.0090 3500 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:00:17.0095 3500 MsRPC - ok
19:00:17.0164 3500 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:00:17.0165 3500 mssmbios - ok
19:00:17.0203 3500 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:00:17.0204 3500 MSTEE - ok
19:00:17.0221 3500 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:00:17.0222 3500 MTConfig - ok
19:00:17.0255 3500 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:00:17.0257 3500 Mup - ok
19:00:17.0337 3500 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:00:17.0342 3500 NativeWifiP - ok
19:00:17.0395 3500 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:00:17.0408 3500 NDIS - ok
19:00:17.0436 3500 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:00:17.0437 3500 NdisCap - ok
19:00:17.0504 3500 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:00:17.0505 3500 NdisTapi - ok
19:00:17.0543 3500 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:00:17.0545 3500 Ndisuio - ok
19:00:17.0586 3500 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:00:17.0589 3500 NdisWan - ok
19:00:17.0630 3500 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:00:17.0631 3500 NDProxy - ok
19:00:17.0698 3500 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:00:17.0699 3500 NetBIOS - ok
19:00:17.0739 3500 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:00:17.0743 3500 NetBT - ok
19:00:17.0834 3500 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:00:17.0835 3500 nfrd960 - ok
19:00:17.0857 3500 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:00:17.0859 3500 Npfs - ok
19:00:17.0877 3500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:00:17.0879 3500 nsiproxy - ok
19:00:17.0938 3500 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:00:17.0959 3500 Ntfs - ok
19:00:18.0028 3500 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:00:18.0029 3500 Null - ok
19:00:18.0097 3500 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
19:00:18.0098 3500 NVHDA - ok
19:00:18.0319 3500 nvlddmkm (ac8cbe9a0663e88f6429ee5530d5e32b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:00:18.0360 3500 nvlddmkm - ok
19:00:18.0441 3500 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:00:18.0444 3500 nvraid - ok
19:00:18.0465 3500 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:00:18.0468 3500 nvstor - ok
19:00:18.0507 3500 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:00:18.0509 3500 nv_agp - ok
19:00:18.0584 3500 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:00:18.0585 3500 ohci1394 - ok
19:00:18.0614 3500 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:00:18.0616 3500 Parport - ok
19:00:18.0653 3500 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:00:18.0654 3500 partmgr - ok
19:00:18.0674 3500 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:00:18.0677 3500 pci - ok
19:00:18.0763 3500 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:00:18.0764 3500 pciide - ok
19:00:18.0802 3500 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:00:18.0806 3500 pcmcia - ok
19:00:18.0823 3500 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:00:18.0824 3500 pcw - ok
19:00:18.0916 3500 PdiPorts (078f0efd66613a2f4c47fdb4092d772d) C:\Windows\system32\DRIVERS\PdiPorts.sys
19:00:18.0917 3500 PdiPorts - ok
19:00:18.0951 3500 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:00:18.0960 3500 PEAUTH - ok
19:00:19.0089 3500 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
19:00:19.0090 3500 Point64 - ok
19:00:19.0146 3500 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:00:19.0148 3500 PptpMiniport - ok
19:00:19.0173 3500 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:00:19.0174 3500 Processor - ok
19:00:19.0253 3500 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:00:19.0255 3500 Psched - ok
19:00:19.0285 3500 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
19:00:19.0287 3500 PxHlpa64 - ok
19:00:19.0355 3500 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:00:19.0375 3500 ql2300 - ok
19:00:19.0420 3500 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:00:19.0422 3500 ql40xx - ok
19:00:19.0443 3500 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:00:19.0444 3500 QWAVEdrv - ok
19:00:19.0480 3500 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:00:19.0481 3500 RasAcd - ok
19:00:19.0518 3500 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:00:19.0519 3500 RasAgileVpn - ok
19:00:19.0554 3500 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:00:19.0556 3500 Rasl2tp - ok
19:00:19.0601 3500 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:00:19.0603 3500 RasPppoe - ok
19:00:19.0620 3500 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:00:19.0622 3500 RasSstp - ok
19:00:19.0645 3500 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:00:19.0649 3500 rdbss - ok
19:00:19.0672 3500 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:00:19.0673 3500 rdpbus - ok
19:00:19.0704 3500 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:00:19.0704 3500 RDPCDD - ok
19:00:19.0754 3500 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:00:19.0754 3500 RDPENCDD - ok
19:00:19.0775 3500 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:00:19.0775 3500 RDPREFMP - ok
19:00:19.0806 3500 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:00:19.0809 3500 RDPWD - ok
19:00:19.0845 3500 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:00:19.0848 3500 rdyboost - ok
19:00:19.0940 3500 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:00:19.0942 3500 rspndr - ok
19:00:19.0991 3500 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:00:19.0994 3500 RTL8167 - ok
19:00:20.0033 3500 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:00:20.0035 3500 sbp2port - ok
19:00:20.0106 3500 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:00:20.0107 3500 scfilter - ok
19:00:20.0161 3500 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:00:20.0162 3500 secdrv - ok
19:00:20.0251 3500 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:00:20.0252 3500 Serenum - ok
19:00:20.0293 3500 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:00:20.0295 3500 Serial - ok
19:00:20.0351 3500 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:00:20.0353 3500 sermouse - ok
19:00:20.0380 3500 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:00:20.0381 3500 sffdisk - ok
19:00:20.0427 3500 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:00:20.0428 3500 sffp_mmc - ok
19:00:20.0442 3500 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:00:20.0443 3500 sffp_sd - ok
19:00:20.0471 3500 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:00:20.0471 3500 sfloppy - ok
19:00:20.0510 3500 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:00:20.0511 3500 SiSRaid2 - ok
19:00:20.0564 3500 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:00:20.0566 3500 SiSRaid4 - ok
19:00:20.0615 3500 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:00:20.0617 3500 Smb - ok
19:00:20.0649 3500 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:00:20.0650 3500 spldr - ok
19:00:20.0766 3500 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
19:00:20.0766 3500 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
19:00:20.0768 3500 sptd ( LockedFile.Multi.Generic ) - warning
19:00:20.0768 3500 sptd - detected LockedFile.Multi.Generic (1)
19:00:20.0808 3500 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:00:20.0815 3500 srv - ok
19:00:23.0451 3500 ============================================================
19:00:23.0451 3500 Scan finished
19:00:23.0451 3500 ============================================================
19:00:23.0459 1808 Detected object count: 1
19:00:23.0459 1808 Actual detected object count: 1
19:00:35.0905 1808 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:00:35.0906 1808 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

20.12.2011, 21:29   #9
Chris4You

Hi,

Apart from a few minor things it's OK; sptd belongs to Alcohol or Daemon Tools...

Fix for OTL
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please right-click and start it with "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\S273HL.exe -- [2010.06.17 12:39:56 | 005,782,406 | R--- | M] (Adobe Systems, Inc.)

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris

20.12.2011, 21:43   #10
Xpert85

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File move failed. E:\S273HL.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Xpert85
->Temp folder emptied: 211752861 bytes
->Temporary Internet Files folder emptied: 48631918 bytes
->Java cache emptied: 3386104 bytes
->FireFox cache emptied: 251223447 bytes
->Flash cache emptied: 53185 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59874591 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 1611642576 bytes

Total Files Cleaned = 2.085,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12202011_213549

Files\Folders moved on Reboot...
File move failed. E:\S273HL.exe scheduled to be moved on reboot.
C:\Users\Xpert85\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Xpert85\AppData\Local\Mozilla\Firefox\Profiles\2jsgiqei.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Xpert85\AppData\Local\Mozilla\Firefox\Profiles\2jsgiqei.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Xpert85\AppData\Local\Mozilla\Firefox\Profiles\2jsgiqei.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Xpert85\AppData\Local\Mozilla\Firefox\Profiles\2jsgiqei.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Xpert85\AppData\Local\Mozilla\Firefox\Profiles\2jsgiqei.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...
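
As an added example (not part of the original thread and not OTL's own code), this Python sketch checks a fix log like the one above: it separates completed actions from items that were deferred to reboot and never reported as moved afterwards. The sample is an excerpt of the log above; the function name, the result keys and the assumption that other OTL logs use the same line wording are hypothetical.

```python
import re

# Excerpt of the OTL fix log posted above (lines copied from the thread).
SAMPLE_LOG = r"""========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File move failed. E:\S273HL.exe scheduled to be moved on reboot.
========== COMMANDS ==========
->Temp folder emptied: 211752861 bytes
->FireFox cache emptied: 251223447 bytes
RecycleBin emptied: 1611642576 bytes
Files\Folders moved on Reboot...
File move failed. E:\S273HL.exe scheduled to be moved on reboot.
C:\Users\Xpert85\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
"""

# Line shapes as they appear in the log above (assumed stable across logs).
DONE = re.compile(r"^(?P<target>.+?) (?:deleted|moved) successfully\.$")
FAILED = re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")
EMPTIED = re.compile(r"emptied: (?P<n>\d+) bytes$")
REBOOT_HEADER = r"Files\Folders moved on Reboot..."


def review_fix_log(text):
    """Return completed actions, unresolved deferred moves and bytes emptied."""
    done, deferred, moved_after_reboot = [], [], set()
    emptied, after_reboot = 0, False
    for line in map(str.strip, text.splitlines()):
        if line == REBOOT_HEADER:
            after_reboot = True
        elif m := FAILED.match(line):
            # A failure before the reboot section only defers the move.
            if not after_reboot and m["target"] not in deferred:
                deferred.append(m["target"])
        elif m := DONE.match(line):
            done.append(m["target"])
            if after_reboot:
                moved_after_reboot.add(m["target"])
        elif m := EMPTIED.search(line):
            emptied += int(m["n"])
    # Deferred items count as resolved only if the reboot section confirms them.
    unresolved = [t for t in deferred if t not in moved_after_reboot]
    return {"done": done, "unresolved": unresolved, "bytes_emptied": emptied}


if __name__ == "__main__":
    print(review_fix_log(SAMPLE_LOG)["unresolved"])
```

On the excerpt, the only unresolved item is E:\S273HL.exe, whose move failed both before and after the reboot.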

20.12.2011, 22:44   #11
Chris4You

Hi,

Where did you actually get flvplayersetup.exe from?

OK so far...

chris

21.12.2011, 21:26   #12
Xpert85

Hi, that is a video player... Would it be better to delete it?? Not trustworthy??

And thank you very much for your great help!

21.12.2011, 21:57   #13
Chris4You

Hi,

Well, MAM detects it as:
c:\Users\Xpert85\AppData\Local\Temp\icreinstall\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

Otherwise everything seems to be OK so far...

chris
