Log Analysis and Evaluation: Files now only appear as shortcuts on an external hard drive (Windows 7)
29.12.2011, 13:53 | #1
Files now only appear as shortcuts on an external hard drive

Hello community. I have done a bit of reading on this problem and found that many people have the same problem as I do (see title). Cosinus, a while ago you posted a nice guide here about the "ESET Online Scanner". I followed it and had it create the log file, which looks as follows (thanks in advance for the help):

Quote:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6aba6c256269cb4e822ab4b56cccff39
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-29 12:43:36
# local_time=2011-12-29 01:43:36 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 23747 23747 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 23669 162632749 0 0
# compatibility_mode=8192 67108863 100 0 3776 3776 0 0
# scanned=211215
# found=15
# cleaned=0
# scan_time=19394
C:\Program Files\PDFCreator\Toolbar\is-6TBMF.tmp	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
F:\$RECYCLE.BIN.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\Bewerbungen.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\Bilder.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\Filme.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\HD-Filme.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\Musik-Alben.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\Musik.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\Soundtrack-Alben.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\System Volume Information.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\Videos.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\$RECYCLE.BIN\S-1-5-21-1235014147-1984952320-3779526693-1000\$RGDOKL9.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB\Filme.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB\HD-Filme.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB\Videos.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
29.12.2011, 18:00 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Please run a full scan with Malwarebytes as a matter of routine and post the log.
__________________
Remember that Malwarebytes has to be updated manually before every scan! All findings must also be removed. If there are logs from older Malwarebytes scans, please post all of those as well!
31.12.2011, 02:49 | #3

Hi cosinus,
here are the results from Malwarebytes:

Quote:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.30.02

Windows Vista Service Pack 2 x86 FAT32
Internet Explorer 8.0.6001.19170
Dennis :: DENNIS-PC [Administrator]

30.12.2011 16:40:51
mbam-log-2011-12-30 (16-40-51).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 385919
Time elapsed: 2 hour(s), 12 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

What does this tell me now? Nothing found with this program... what now?
Regards
31.12.2011, 10:55 | #4

I found 3 older ones here... (attached)
Regards
31.12.2011, 15:53 | #5
/// Winkelfunktion /// TB-Süch-Tiger™

First, make all files visible => http://www.trojaner-board.de/59624-a...-sichtbar.html
After that, all folders should be displayed again, semi-transparent, since they still carry the "hidden" and "system" attributes.

Then open the command prompt via Start, All Programs, Accessories. In the command prompt you have to run this command for each hidden folder:

Code:
attrib -s -h "x:\ordner" /s /d

"ordner" must be replaced by the respective correct folder name. Cf. this thread => http://www.trojaner-board.de/102950-...traeger-2.html

Then make a new OTL log. Please post everything in CODE tags where possible. It is done like this:

[code]
the log goes here
[/code]

And the whole thing then looks like this:

Code:
the log goes here

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

__________________
Please always post logfiles in CODE tags
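The repair that post #5 describes, written out as an added example for this thread (it is not code from the posts, from ESET or from OTL). It parses ESET Online Scanner result lines like the ones in post #1, groups the flagged .lnk files by drive, and for a listing of the drive root pairs each decoy shortcut with the folder of the same name that the worm hid with the +s +h attributes, emitting exactly the attrib -s -h "x:\folder" /s /d commands from the post. Everything about the data is assumed: the tab-separated result-line layout, the sample log and the F:\ listing are constructed to resemble post #1, and the rule that $RECYCLE.BIN and System Volume Information are hidden+system by design (so their attributes must not be stripped, even though the worm plants decoys for them too) is the example's own caveat. Python is used so the pairing logic can be checked on any machine; only scan_directory() reads the Windows attribute bits, and nothing is executed unless you pass --apply on Windows.

```python
# Added example for this thread, not code from the posts, from ESET or from OTL.
# Assumed: ESET result lines are "<path>\t<detection>\t<32-hex hash>\t<flag>";
# the sample log and the F:\ listing below are constructed to resemble post #1.
import os
import re
import stat
import subprocess
import sys
from collections import defaultdict

ESET_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\[^\t]+)\t+(?P<detection>[^\t]+)\t+"
                       r"(?P<hash>[0-9a-fA-F]{32})\t+(?P<flag>\S+)\s*$")
# Hidden+system by design: the worm plants decoys for these too, but leave their attributes alone.
ALWAYS_SYSTEM = {"$recycle.bin", "system volume information"}

def parse_eset_header(log_text):
    """'# key=value' header lines -> dict (remove_checked, found, cleaned, ...)."""
    return dict(line[2:].split("=", 1) for line in log_text.splitlines()
                if line.startswith("# ") and "=" in line)

def parse_eset_findings(log_text):
    """One dict per detection line; header lines do not match the pattern."""
    return [m.groupdict() for m in map(ESET_LINE.match, log_text.splitlines()) if m]

def lnk_decoys_by_drive(findings):
    """Drive letter -> sorted flagged .lnk paths (a root full of folder-named ones is the worm pattern)."""
    by_drive = defaultdict(list)
    for f in findings:
        if f["path"].lower().endswith(".lnk"):
            by_drive[f["path"][0].upper()].append(f["path"])
    return {drive: sorted(paths) for drive, paths in by_drive.items()}

def _winjoin(root, name):
    return root.rstrip("\\") + "\\" + name

def plan_repair(root, entries):
    """entries: (name, is_dir, hidden_and_system) for the drive root -> (attrib_commands, decoy_lnks).
    A shortcut is a decoy when a sibling directory has the same base name; attrib is emitted
    only for directories the worm hid, not for ones Windows hides itself."""
    dirs = {name.lower(): hs for name, is_dir, hs in entries if is_dir}
    commands, decoys = [], []
    for name, is_dir, _ in entries:
        if is_dir or not name.lower().endswith(".lnk"):
            continue
        target = name[:-4].lower()
        if target not in dirs:
            continue  # ordinary shortcut with no folder of that name: leave it
        decoys.append(_winjoin(root, name))
        if dirs[target] and target not in ALWAYS_SYSTEM:
            commands.append(["attrib", "-s", "-h", _winjoin(root, name[:-4]), "/s", "/d"])
    return commands, decoys

def scan_directory(root):
    """Entries for plan_repair from a real directory (st_file_attributes is Windows-only)."""
    entries = []
    for e in os.scandir(root):
        attrs = getattr(e.stat(follow_symlinks=False), "st_file_attributes", 0)
        hs = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN and attrs & stat.FILE_ATTRIBUTE_SYSTEM)
        entries.append((e.name, e.is_dir(follow_symlinks=False), hs))
    return entries

def repair(root, dry_run=True):
    """Print the plan; with dry_run=False on Windows also run it. Decoys go last,
    once the real folders are visible again."""
    commands, decoys = plan_repair(root, scan_directory(root))
    for cmd in commands:
        print(" ".join(cmd[:3] + ['"%s"' % cmd[3]] + cmd[4:]))
        if not dry_run and sys.platform == "win32":
            subprocess.run(cmd, check=True)
    for lnk in decoys:
        print('del "%s"' % lnk)
        if not dry_run and sys.platform == "win32":
            os.remove(lnk)
    return commands, decoys

# Constructed sample in the layout of the thread's ESET log (not the real log).
_DORKBOT = "\tWin32/Dorkbot.D worm (unable to clean)\t" + "0" * 32 + "\tI"
SAMPLE_ESET_LOG = "\n".join([
    "# version=7", "# remove_checked=false", "# found=5", "# cleaned=0",
    "C:\\Program Files\\PDFCreator\\Toolbar\\is-6TBMF.tmp\tWin32/Adware.Toolbar.Dealio"
    " application (unable to clean)\t" + "0" * 32 + "\tI",
    "F:\\$RECYCLE.BIN.lnk" + _DORKBOT, "F:\\Bilder.lnk" + _DORKBOT,
    "F:\\Musik.lnk" + _DORKBOT, "F:\\System Volume Information.lnk" + _DORKBOT,
])
# Constructed F:\ listing as the worm leaves it: (name, is_dir, hidden+system).
SAMPLE_F_LISTING = [
    ("$RECYCLE.BIN", True, True), ("$RECYCLE.BIN.lnk", False, False),
    ("System Volume Information", True, True), ("System Volume Information.lnk", False, False),
    ("Bilder", True, True), ("Bilder.lnk", False, False), ("Musik", True, True), ("Musik.lnk", False, False),
    ("Bewerbungen", True, False), ("Bewerbungen.lnk", False, False),  # folder already unhidden by hand
    ("Urlaub.lnk", False, False),  # plain shortcut with no folder of that name
]

if __name__ == "__main__":
    roots = [a for a in sys.argv[1:] if a != "--apply"]
    if roots:
        repair(roots[0], dry_run="--apply" not in sys.argv)
    else:
        print(parse_eset_header(SAMPLE_ESET_LOG), lnk_decoys_by_drive(parse_eset_findings(SAMPLE_ESET_LOG)))
        print(*plan_repair("F:\\", SAMPLE_F_LISTING), sep="\n")
```

Run without arguments to see the plan for the constructed sample; saved as, say, repair_lnk.py, `python repair_lnk.py F:\` prints the plan for a real drive root and `python repair_lnk.py F:\ --apply` executes it on Windows. The decoys are deleted only after the attrib commands have run, so the root never ends up showing neither the shortcut nor the folder. parse_eset_header also makes the first log easier to read: remove_checked=false together with cleaned=0 means the ESET run only reported its 15 findings and removed nothing.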
01.01.2012, 12:56 | #6

I hope I interpreted your "code instructions" correctly.... What about the "extra.txt"? Do you need that text too? Greetz

OTL Logfile:
Code:
OTL logfile created on: 01.01.2012 11:15:53 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Dennis\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,85% Memory free
4,22 Gb Paging File | 2,75 Gb Available in Paging File | 65,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 32,50 Gb Free Space | 26,51% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 22,72 Gb Free Space | 85,93% Space Free | Partition Type: FAT32
Drive E: | 58,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 931,51 Gb Total Space | 534,84 Gb Free Space | 57,42% Space Free | Partition Type: NTFS

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.01 11:11:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2011.12.28 20:03:21 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.12.28 18:47:14 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.12.28 18:47:14 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.12.28 18:47:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.28 18:47:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.08.02 16:14:02 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.13 10:35:10 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.11.13 10:32:20 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.04.11 07:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.30 09:49:50 | 000,385,024 | R--- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\AstSrv.exe
PRC - [2008.02.18 06:37:48 | 000,032,768 | ---- | M] (Autodesk) -- C:\Programme\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007.09.04 11:45:24 | 002,560,000 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.09.04 11:41:00 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.09.03 17:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.08.31 10:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.08.16 09:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.07.12 15:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 15:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.04.13 17:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 17:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.07 17:23:22 | 001,581,056 | ---- | M] () -- D:\MDESIGN\MDESIGN\TEDATA.exe
PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.06.30 12:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) -- D:\MDESIGN\MDESIGN\lmgrd.exe
PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

========== Modules (No Company Name) ==========

MOD - [2011.12.28 20:03:21 | 000,849,368 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.09.04 11:45:54 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.09.04 11:45:24 | 002,560,000 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.09.04 11:37:26 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.09.04 11:37:14 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.09.04 11:37:02 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.09.04 11:37:00 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.09.04 11:36:54 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.09.04 11:36:48 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.09.04 11:36:44 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (sdCoreService)
SRV - File not found [On_Demand | Stopped] -- -- (sdAuxService)
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2011.12.28 18:47:14 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.12.28 18:47:14 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.12.28 18:47:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.28 18:47:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.04.21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.12.04 21:41:39 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.13 10:32:20 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.11.13 10:27:56 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.11.07 18:40:19 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.10.02 11:45:18 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.04.11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.10.30 09:49:50 | 000,385,024 | R--- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\AstSrv.exe -- (astcc)
SRV - [2008.02.18 06:37:48 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.09.04 11:39:54 | 000,040,960 | ---- | M] (Softex Inc.) [On_Demand | Stopped] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.08.16 09:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.07.12 15:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.04.13 17:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.06.30 12:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) [Auto | Running] -- D:\MDESIGN\MDESIGN\lmgrd.exe -- (MDESIGN License Manager)
SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - [2011.12.28 18:47:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.28 18:47:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:30:17 | 000,028,520 | ---- | M] (Avira GmbH)

 [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.02.01 10:55:52 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2007.12.10 12:53:28 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007.12.10 12:53:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2007.08.30 19:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.08.08 07:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.01 09:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2007.05.25 08:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 08:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007.04.30 12:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.02.12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: D:\TOOLS\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.28 20:03:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.28 20:03:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

[2009.06.24 17:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2012.01.01 10:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions
[2010.07.11 10:28:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.29 17:09:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.12.28 15:13:01 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-1.xml
[2011.09.28 20:08:05 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-10.xml
[2011.11.15 15:41:42 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-11.xml
[2011.12.28 20:03:33 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-12.xml
[2009.08.05 20:08:50 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-2.xml
[2009.09.13 14:52:47 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-3.xml
[2009.10.30 20:12:09 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-4.xml
[2011.05.02 18:36:00 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-5.xml
[2011.06.25 16:11:36 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-6.xml
[2011.08.17 15:09:53 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-7.xml
[2011.09.01 16:57:18 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-8.xml
[2011.09.09 11:00:27 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-9.xml
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin.xml
[2010.06.21 09:50:56 | 000,003,915 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\sweetim.xml
[2011.11.23 18:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.23 18:29:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.23 18:29:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.23 18:29:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.15 15:41:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.15 15:41:18 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.15 15:41:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.15 15:41:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.15 15:41:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1225031161 (Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1218381716 (Image Uploader Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game13.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.31.65.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1BD1AFE-2142-4FF3-B8B0-AE088816908A}: DhcpNameServer = 94.31.65.69
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.08 09:06:11 | 000,000,000 | -H-D | M] - E:\AutoRunSource -- [ CDFS ]
O32 - AutoRun File - [2011.09.08 09:33:19 | 002,520,576 | R--- | M] (Longtion Software Inc.
) - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2011.04.14 09:47:44 | 000,095,701 | RH-- | M] () - E:\autorun.ico -- [ CDFS ] O32 - AutoRun File - [2011.09.07 15:32:56 | 000,000,063 | RH-- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.03.01 11:16:59 | 000,211,164 | RH-- | M] () - E:\autorun.tgt -- [ CDFS ] O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell - "" = AutoRun O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell\AutoRun\command - "" = H:\setup.exe -a O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - 
HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Programme\GoogleEULA\EULALauncher.exe ( ) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: sdauxservice - File not found SafeBootMin: sdcoreservice - File not found SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: 
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - File not found SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: sdauxservice - File not found SafeBootNet: sdcoreservice - File not found SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {3C4CA55D-C315-C489-36DE-31DB5817CCA9} - Microsoft Windows Media Player 11.0 ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx 
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5E7C766A-B2D5-42F9-338E-8F172E80EF38} - ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {734825D4-5ACB-3DA4-FA6A-600DD12F778A} - Adobe Shockwave Director 10.2 ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067) ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.ac3acm - 
C:\Windows\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation) Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept) Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.01 11:11:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe [2011.12.30 16:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.30 16:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.30 16:39:06 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.28 20:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.28 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Avira [2011.12.28 14:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.28 14:44:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.12.28 14:44:42 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.12.28 14:44:42 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.12.28 14:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira ========== Files - Modified Within 30 Days ========== [2012.01.01 11:11:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe 
[2012.01.01 10:51:26 | 000,000,004 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Default.PLS [2012.01.01 10:50:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.01 10:42:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.01 10:42:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.01 10:26:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.01 10:24:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.01.01 10:24:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.01 10:24:33 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2011.12.30 16:40:00 | 000,787,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.30 16:40:00 | 000,727,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.30 16:40:00 | 000,189,508 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.30 16:40:00 | 000,153,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.30 16:39:10 | 000,000,481 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.30 16:15:34 | 000,125,440 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.28 18:47:15 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.12.28 18:47:15 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.12.28 14:45:05 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.12.28 14:29:06 | 000,563,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.28 14:06:21 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011.12.30 16:39:10 | 000,000,481 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.28 14:45:05 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.09.10 07:18:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.09.07 13:57:49 | 000,239,076 | ---- | C] () -- C:\Windows\hpwins26.dat [2011.09.07 13:53:49 | 000,000,941 | ---- | C] () -- C:\Windows\uninst.ini [2011.04.23 06:58:27 | 000,000,000 | ---- | C] () -- C:\Windows\wiso.ini [2010.03.08 18:41:21 | 000,105,199 | ---- | C] () -- C:\Windows\Restart.EXE [2009.09.25 19:41:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.25 19:41:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.18 07:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat [2008.11.05 18:08:13 | 000,003,976 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\wklnhst.dat [2008.08.30 02:01:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.08.20 14:39:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.07.19 04:32:16 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2008.06.19 15:45:49 | 000,000,680 | ---- | C] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat [2008.05.12 03:42:50 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.05.12 03:42:50 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.05.12 03:37:59 | 000,125,440 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.29 14:07:52 | 000,000,004 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Default.PLS [2008.01.23 14:51:32 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.23 13:48:14 | 000,000,094 | ---- | C] () -- 
C:\Users\Dennis\AppData\Local\fusioncache.dat [2008.01.02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008.01.02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008.01.02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008.01.02 16:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.09.19 06:56:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.09.18 19:01:37 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007.09.18 19:01:37 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007.09.18 08:38:30 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2007.09.18 08:33:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2007.09.18 08:16:24 | 000,000,216 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2007.09.12 08:36:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.09.12 08:35:40 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.09.12 08:35:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll [2007.09.12 08:35:31 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 16:33:31 | 000,787,020 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,189,508 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,563,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,727,290 | ---- | C] () -- 
C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,153,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.20 06:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini [2000.04.18 03:02:00 | 000,000,110 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT ========== LOP Check ========== [2011.08.04 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Autodesk [2009.10.02 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Azureus [2010.03.01 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Buhl Data Service [2008.01.23 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BullGuard [2010.11.24 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dennis [2011.08.29 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2008.02.10 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ Toolbar [2011.08.04 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Image Zone Express [2008.05.10 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MAGIX [2010.12.07 20:26:27 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Neuer Ordner [2010.09.13 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org 
[2011.09.10 07:19:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\pdfforge [2009.01.21 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Printer Info Cache [2008.04.28 01:39:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Sonavis [2008.11.05 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Template [2009.12.04 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2008.04.28 01:48:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TVcentral-Core [2011.08.22 08:53:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent [2009.01.20 06:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\VMedia [2011.12.31 19:12:31 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.12.16 18:46:59 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2CA5B97C-2E80-401D-B6D3-12ED15CD9318}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2008.02.23 09:00:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe [2010.09.15 16:01:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Ahead [2008.11.19 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Apple Computer [2011.08.04 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Autodesk [2011.12.28 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Avira [2008.05.12 03:45:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AVS4YOU [2009.10.02 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Azureus [2010.03.01 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Buhl Data Service [2008.01.23 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BullGuard [2008.04.29 14:07:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink [2010.11.24 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dennis [2009.04.20 17:50:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX [2011.06.17 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\dvdcss [2008.01.23 14:07:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Google [2011.08.30 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\HP [2011.08.29 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2008.02.10 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ Toolbar [2008.01.23 13:47:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities [2011.08.04 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Image Zone Express [2008.02.10 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\InstallShield [2008.01.23 14:10:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia [2008.05.10 22:26:00 | 000,000,000 | ---D | M] -- 
02.01.2012, 12:21 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Files only as shortcuts on external hard drive Run an OTL fix: close any programs that may still be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along!!!) Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
[2011.12.28 15:13:01 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-1.xml
[2011.09.28 20:08:05 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-10.xml
[2011.11.15 15:41:42 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-11.xml
[2011.12.28 20:03:33 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-12.xml
[2009.08.05 20:08:50 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-2.xml
[2009.09.13 14:52:47 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-3.xml
[2009.10.30 20:12:09 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-4.xml
[2011.05.02 18:36:00 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-5.xml
[2011.06.25 16:11:36 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-6.xml
[2011.08.17 15:09:53 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-7.xml
[2011.09.01 16:57:18 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-8.xml
[2011.09.09 11:00:27 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-9.xml
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin.xml
[2010.06.21 09:50:56 | 000,003,915 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\sweetim.xml
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.08 09:06:11 | 000,000,000 | -H-D | M] - E:\AutoRunSource -- [ CDFS ]
O32 - AutoRun File - [2011.09.08 09:33:19 | 002,520,576 | R--- | M] (Longtion Software Inc. ) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.04.14 09:47:44 | 000,095,701 | RH-- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011.09.07 15:32:56 | 000,000,063 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.03.01 11:16:59 | 000,211,164 | RH-- | M] () - E:\autorun.tgt -- [ CDFS ]
O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
[2008.02.10 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ Toolbar
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
F:\*.lnk
F:\$RECYCLE.BIN\S-1-5-21*
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post log files in CODE tags |
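As an added example (not from this thread, from OTL, or from the helper's post), a read-only Python triage that looks for what the `:Files` section above removes: root-level shortcuts that shadow a same-named folder (as `F:\$RECYCLE.BIN.lnk` does for the real `$RECYCLE.BIN`) and `$RECYCLE.BIN\S-1-5-21*` folders. The assumption that the worm's executable sits in such a folder, the sample tree and every file name in it are constructed, and the script deletes nothing.

```python
"""Triage the root of a removable volume for the shortcut-worm pattern from this
thread. Reports only; nothing is moved or deleted (leave that to the tailored fix)."""
import fnmatch
import stat
import tempfile
from pathlib import Path

# stat exposes the Windows attribute constants on every platform; fall back to the
# documented value 0x2 just in case.
HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)
EXE_SUFFIXES = (".exe", ".scr", ".com", ".pif")


def _is_hidden(path: Path) -> bool:
    """Windows 'hidden' attribute. Off Windows st_file_attributes does not exist,
    so the check simply reports False there."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & HIDDEN)


def triage_drive_root(root) -> dict:
    """Inspect a volume root and report the artefacts the OTL fix targeted:
    root-level *.lnk files, $RECYCLE.BIN\\S-1-5-21* folders, autorun.inf."""
    root = Path(root)
    report = {
        "lnk_files": [],             # every root-level shortcut
        "lnk_shadowing_folder": [],  # shortcut named exactly like a sibling folder
        "recycle_sid_dirs": [],      # $RECYCLE.BIN\S-1-5-21* subfolders
        "executables_in_recycle": [],  # assumed worm location (constructed sample)
        "autorun_inf": False,
    }
    for entry in sorted(root.iterdir()):
        if not entry.is_file():
            continue
        if entry.suffix.lower() == ".lnk":
            report["lnk_files"].append(entry.name)
            twin = root / entry.stem           # "Bilder.lnk" -> "Bilder"
            if twin.is_dir():                  # the classic hidden-folder + shortcut pair
                report["lnk_shadowing_folder"].append(
                    {"lnk": entry.name, "folder": twin.name,
                     "folder_hidden": _is_hidden(twin)})
        elif entry.name.lower() == "autorun.inf":
            report["autorun_inf"] = True
    recycle = root / "$RECYCLE.BIN"
    if recycle.is_dir():
        for sub in sorted(recycle.iterdir()):
            if sub.is_dir() and fnmatch.fnmatch(sub.name, "S-1-5-21*"):
                report["recycle_sid_dirs"].append(sub.name)
                for f in sub.rglob("*"):
                    if f.is_file() and f.suffix.lower() in EXE_SUFFIXES:
                        report["executables_in_recycle"].append(
                            f.relative_to(root).as_posix())
    report["verdict"] = (
        "suspicious"
        if report["lnk_shadowing_folder"] or report["executables_in_recycle"]
        else "no shortcut-worm pattern found")
    return report


def build_sample_drive(dst) -> Path:
    """Constructed stand-in for the infected drive (not real data): two user
    folders each shadowed by a same-named .lnk, one recycle-bin SID folder
    holding an executable-looking file, and one benign document."""
    root = Path(dst)
    for folder in ("Bilder", "Musik"):
        (root / folder).mkdir()
        # placeholder bytes only, not a real shell link
        (root / f"{folder}.lnk").write_bytes(b"L\x00\x00\x00")
    sid = root / "$RECYCLE.BIN" / "S-1-5-21-111111111-222222222-333333333-1000"
    sid.mkdir(parents=True)
    (sid / "payload.exe").write_bytes(b"MZ")   # constructed name; not a program
    (root / "Lebenslauf.txt").write_text("harmless document")
    return root


def demo() -> dict:
    """Build the sample tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage_drive_root(build_sample_drive(tmp))


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Run it against a real drive letter with `triage_drive_root("F:\\")`; on Windows the `folder_hidden` flag will also tell you whether the shadowed folders carry the hidden attribute the unhide step later removes.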
02.01.2012, 12:44 | #8 |
| Files only as shortcuts on external hard drive hi, here is the log after the OTL fix: Code:
02.01.2012, 14:11 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Files only appear as shortcuts on external HDD. Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, once it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here! If the infection keeps you from accessing your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags
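As an added illustration of what the unhide step in the post above does on a drive where a shortcut worm has replaced folders with .lnk files, the following PowerShell script is editor-supplied example code, not part of the forum post and not the code of unhide.exe or TDSS-Killer. It first lists every shortcut in the drive root together with the target it really launches (a shortcut named like a folder that launches cmd.exe or an executable in a hidden folder is the worm's replacement, not something the user created), and then clears the Hidden and System attributes that hide the genuine folders. It assumes drive letter F: (the external drive in this thread), PowerShell 3.0 or newer, and an elevated prompt; run it only after the malware itself has been removed, since it changes attributes and deletes nothing.

```powershell
# Added example, not code from the forum post or from the unhide/TDSSKiller tools.
# Assumptions: drive letter F: (the external drive in this thread), PowerShell 3.0
# or newer, elevated prompt, malware already removed.
param(
    [string]$Drive = 'F:\'
)

$shell = New-Object -ComObject WScript.Shell

# 1) Inventory: every .lnk in the drive root and what it actually launches.
#    Shortcut worms drop one .lnk per folder name; the real folder is set Hidden+System.
$shortcuts = Get-ChildItem -Path $Drive -Filter '*.lnk' -Force |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        [pscustomobject]@{
            Shortcut  = $_.Name
            Target    = $lnk.TargetPath
            Arguments = $lnk.Arguments
        }
    }
$shortcuts | Format-Table -AutoSize

# 2) Restore visibility: remove Hidden and System from the real files and folders.
#    Only attributes change; nothing is deleted. The two Windows-managed folders are
#    left alone because they are hidden and system-flagged by design, and the .lnk
#    files are left for the scanner to handle rather than touched here.
$mask = -bnot ([int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System)

Get-ChildItem -Path $Drive -Force -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        $_.FullName -notmatch '\\(System Volume Information|\$RECYCLE\.BIN)(\\|$)' -and
        $_.Extension -ne '.lnk'
    } |
    ForEach-Object {
        $_.Attributes = [IO.FileAttributes]([int]$_.Attributes -band $mask)
    }
```

Save it as, for instance, unhide-example.ps1 and run `.\unhide-example.ps1 -Drive 'F:\'` from an elevated PowerShell; the table printed in step 1 is worth keeping with the other logs, because the shortcut targets show which dropper the worm was pointing at.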
02.01.2012, 17:36 | #10 |
| Files only appear as shortcuts on external HDD. I'm confused. Why doesn't it show me anything? Did I do something wrong in the previous steps? Or is the HDD clean now? greetz Code:
ATTFilter 17:30:45.0967 1508 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 17:30:46.0164 1508 ============================================================ 17:30:46.0164 1508 Current date / time: 2012/01/02 17:30:46.0164 17:30:46.0164 1508 SystemInfo: 17:30:46.0164 1508 17:30:46.0164 1508 OS Version: 6.0.6002 ServicePack: 2.0 17:30:46.0164 1508 Product type: Workstation 17:30:46.0165 1508 ComputerName: DENNIS-PC 17:30:46.0165 1508 UserName: Dennis 17:30:46.0165 1508 Windows directory: C:\Windows 17:30:46.0165 1508 System windows directory: C:\Windows 17:30:46.0165 1508 Processor architecture: Intel x86 17:30:46.0165 1508 Number of processors: 2 17:30:46.0165 1508 Page size: 0x1000 17:30:46.0165 1508 Boot type: Normal boot 17:30:46.0165 1508 ============================================================ 17:30:47.0865 1508 Initialize success 17:33:58.0757 5836 ============================================================ 17:33:58.0757 5836 Scan started 17:33:58.0758 5836 Mode: Manual; SigCheck; TDLFS; 17:33:58.0758 5836 ============================================================ 17:34:00.0856 5836 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 17:34:01.0045 5836 ACPI - ok 17:34:01.0221 5836 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 17:34:01.0290 5836 adp94xx - ok 17:34:01.0376 5836 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 17:34:01.0417 5836 adpahci - ok 17:34:01.0466 5836 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 17:34:01.0496 5836 adpu160m - ok 17:34:01.0520 5836 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 17:34:01.0554 5836 adpu320 - ok 17:34:01.0659 5836 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 17:34:01.0766 5836 AFD - ok 17:34:01.0868 5836 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys 
17:34:02.0063 5836 AgereSoftModem - ok 17:34:02.0115 5836 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 17:34:02.0143 5836 aic78xx - ok 17:34:02.0189 5836 aliide (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys 17:34:02.0216 5836 aliide - ok 17:34:02.0248 5836 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 17:34:02.0277 5836 amdagp - ok 17:34:02.0293 5836 amdide (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys 17:34:02.0320 5836 amdide - ok 17:34:02.0353 5836 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 17:34:02.0457 5836 AmdK7 - ok 17:34:02.0484 5836 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 17:34:02.0595 5836 AmdK8 - ok 17:34:02.0717 5836 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 17:34:02.0745 5836 arc - ok 17:34:02.0782 5836 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 17:34:02.0812 5836 arcsas - ok 17:34:02.0915 5836 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 17:34:03.0001 5836 AsyncMac - ok 17:34:03.0050 5836 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 17:34:03.0079 5836 atapi - ok 17:34:03.0165 5836 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys 17:34:03.0242 5836 ATSWPDRV - ok 17:34:03.0334 5836 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 17:34:03.0374 5836 avgntflt - ok 17:34:03.0398 5836 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 17:34:03.0429 5836 avipbb - ok 17:34:03.0500 5836 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 17:34:03.0605 5836 Beep - ok 17:34:03.0639 5836 blbdrive - ok 17:34:03.0698 5836 bowser (35f376253f687bde63976ccb3f2108ca) 
C:\Windows\system32\DRIVERS\bowser.sys 17:34:03.0765 5836 bowser - ok 17:34:03.0856 5836 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 17:34:03.0917 5836 BrFiltLo - ok 17:34:03.0958 5836 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 17:34:04.0028 5836 BrFiltUp - ok 17:34:04.0082 5836 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 17:34:04.0192 5836 Brserid - ok 17:34:04.0225 5836 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 17:34:04.0357 5836 BrSerWdm - ok 17:34:04.0396 5836 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 17:34:04.0500 5836 BrUsbMdm - ok 17:34:04.0539 5836 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 17:34:04.0627 5836 BrUsbSer - ok 17:34:04.0671 5836 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 17:34:04.0777 5836 BTHMODEM - ok 17:34:04.0878 5836 Cam5607 (48f64a84054771b2fef55606adf57557) C:\Windows\system32\Drivers\BisonC07.sys 17:34:05.0008 5836 Cam5607 - ok 17:34:05.0104 5836 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 17:34:05.0202 5836 cdfs - ok 17:34:05.0260 5836 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 17:34:05.0336 5836 cdrom - ok 17:34:05.0391 5836 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 17:34:05.0498 5836 circlass - ok 17:34:05.0549 5836 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 17:34:05.0595 5836 CLFS - ok 17:34:05.0685 5836 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 17:34:05.0765 5836 CmBatt - ok 17:34:05.0819 5836 cmdide (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys 17:34:05.0847 5836 cmdide - ok 17:34:05.0908 5836 Compbatt (6afef0b60fa25de07c0968983ee4f60a) 
C:\Windows\system32\DRIVERS\compbatt.sys 17:34:05.0935 5836 Compbatt - ok 17:34:05.0966 5836 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 17:34:05.0993 5836 crcdisk - ok 17:34:06.0024 5836 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 17:34:06.0133 5836 Crusoe - ok 17:34:06.0232 5836 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 17:34:06.0285 5836 DfsC - ok 17:34:06.0373 5836 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 17:34:06.0406 5836 disk - ok 17:34:06.0487 5836 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 17:34:06.0569 5836 Dot4 - ok 17:34:06.0602 5836 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 17:34:06.0673 5836 Dot4Print - ok 17:34:06.0707 5836 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 17:34:06.0788 5836 dot4usb - ok 17:34:06.0866 5836 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 17:34:06.0916 5836 drmkaud - ok 17:34:06.0970 5836 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 17:34:07.0028 5836 DXGKrnl - ok 17:34:07.0073 5836 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 17:34:07.0194 5836 E1G60 - ok 17:34:07.0258 5836 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 17:34:07.0300 5836 Ecache - ok 17:34:07.0367 5836 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 17:34:07.0408 5836 elxstor - ok 17:34:07.0482 5836 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 17:34:07.0545 5836 exfat - ok 17:34:07.0577 5836 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 17:34:07.0642 5836 fastfat - ok 17:34:07.0669 5836 fdc (63bdada84951b9c03e641800e176898a) 
C:\Windows\system32\DRIVERS\fdc.sys 17:34:07.0779 5836 fdc - ok 17:34:07.0836 5836 FETNDIS (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys 17:34:07.0940 5836 FETNDIS - ok 17:34:08.0014 5836 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 17:34:08.0044 5836 FileInfo - ok 17:34:08.0101 5836 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 17:34:08.0164 5836 Filetrace - ok 17:34:08.0207 5836 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 17:34:08.0313 5836 flpydisk - ok 17:34:08.0372 5836 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 17:34:08.0413 5836 FltMgr - ok 17:34:08.0506 5836 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 17:34:08.0567 5836 Fs_Rec - ok 17:34:08.0605 5836 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 17:34:08.0635 5836 gagp30kx - ok 17:34:08.0756 5836 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 17:34:08.0941 5836 HdAudAddService - ok 17:34:09.0002 5836 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 17:34:09.0127 5836 HDAudBus - ok 17:34:09.0157 5836 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 17:34:09.0277 5836 HidBth - ok 17:34:09.0309 5836 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 17:34:09.0419 5836 HidIr - ok 17:34:09.0479 5836 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 17:34:09.0522 5836 HidUsb - ok 17:34:09.0559 5836 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 17:34:09.0587 5836 HpCISSs - ok 17:34:09.0646 5836 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 17:34:09.0798 5836 HTTP - ok 17:34:09.0864 5836 hwdatacard - ok 17:34:09.0898 5836 
i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 17:34:09.0923 5836 i2omp - ok 17:34:10.0000 5836 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 17:34:10.0067 5836 i8042prt - ok 17:34:10.0132 5836 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys 17:34:10.0156 5836 iaStor - ok 17:34:10.0191 5836 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 17:34:10.0229 5836 iaStorV - ok 17:34:10.0333 5836 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys 17:34:10.0610 5836 igfx - ok 17:34:10.0658 5836 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 17:34:10.0685 5836 iirsp - ok 17:34:10.0742 5836 IKFileSec (3d8a88bd1e6a640807691198a8342e8c) C:\Windows\system32\drivers\ikfilesec.sys 17:34:10.0766 5836 IKFileSec - ok 17:34:10.0797 5836 IKSysFlt (7583e2211097d273fca4e3fce04f639f) C:\Windows\system32\drivers\iksysflt.sys 17:34:10.0823 5836 IKSysFlt - ok 17:34:10.0855 5836 IKSysSec (2402f65f1eca5159c8f0f16066f4bded) C:\Windows\system32\drivers\iksyssec.sys 17:34:10.0880 5836 IKSysSec - ok 17:34:11.0016 5836 IntcAzAudAddService (0f16d98c3af2138fabfa20adde4e01fe) C:\Windows\system32\drivers\RTKVHDA.sys 17:34:11.0358 5836 IntcAzAudAddService - ok 17:34:11.0504 5836 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 17:34:11.0531 5836 intelide - ok 17:34:11.0713 5836 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 17:34:11.0777 5836 intelppm - ok 17:34:11.0862 5836 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:34:11.0933 5836 IpFilterDriver - ok 17:34:11.0952 5836 IpInIp - ok 17:34:12.0004 5836 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 17:34:12.0112 5836 IPMIDRV - ok 17:34:12.0168 5836 IPNAT (8793643a67b42cec66490b2a0cf92d68) 
C:\Windows\system32\DRIVERS\ipnat.sys 17:34:12.0240 5836 IPNAT - ok 17:34:12.0281 5836 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 17:34:12.0361 5836 IRENUM - ok 17:34:12.0404 5836 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 17:34:12.0432 5836 isapnp - ok 17:34:12.0485 5836 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 17:34:12.0512 5836 iScsiPrt - ok 17:34:12.0536 5836 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 17:34:12.0562 5836 iteatapi - ok 17:34:12.0596 5836 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 17:34:12.0623 5836 iteraid - ok 17:34:12.0669 5836 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 17:34:12.0697 5836 kbdclass - ok 17:34:12.0737 5836 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 17:34:12.0792 5836 kbdhid - ok 17:34:12.0860 5836 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 17:34:12.0932 5836 KSecDD - ok 17:34:13.0032 5836 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 17:34:13.0134 5836 lltdio - ok 17:34:13.0197 5836 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 17:34:13.0225 5836 LSI_FC - ok 17:34:13.0252 5836 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 17:34:13.0281 5836 LSI_SAS - ok 17:34:13.0303 5836 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 17:34:13.0332 5836 LSI_SCSI - ok 17:34:13.0391 5836 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 17:34:13.0469 5836 luafv - ok 17:34:13.0531 5836 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 17:34:13.0557 5836 megasas - ok 17:34:13.0636 5836 Modem (e13b5ea0f51ba5b1512ec671393d09ba) 
C:\Windows\system32\drivers\modem.sys 17:34:13.0700 5836 Modem - ok 17:34:13.0758 5836 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 17:34:13.0821 5836 monitor - ok 17:34:13.0875 5836 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 17:34:13.0902 5836 mouclass - ok 17:34:13.0925 5836 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 17:34:13.0979 5836 mouhid - ok 17:34:14.0059 5836 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 17:34:14.0089 5836 MountMgr - ok 17:34:14.0150 5836 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 17:34:14.0182 5836 mpio - ok 17:34:14.0241 5836 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 17:34:14.0297 5836 mpsdrv - ok 17:34:14.0335 5836 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 17:34:14.0363 5836 Mraid35x - ok 17:34:14.0403 5836 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 17:34:14.0463 5836 MRxDAV - ok 17:34:14.0549 5836 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:34:14.0604 5836 mrxsmb - ok 17:34:14.0660 5836 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:34:14.0720 5836 mrxsmb10 - ok 17:34:14.0749 5836 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:34:14.0801 5836 mrxsmb20 - ok 17:34:14.0848 5836 msahci (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys 17:34:14.0875 5836 msahci - ok 17:34:14.0906 5836 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 17:34:14.0937 5836 msdsm - ok 17:34:15.0024 5836 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 17:34:15.0093 5836 Msfs - ok 17:34:15.0173 5836 msisadrv (0f400e306f385c56317357d6dea56f62) 
C:\Windows\system32\drivers\msisadrv.sys 17:34:15.0199 5836 msisadrv - ok 17:34:15.0268 5836 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 17:34:15.0336 5836 MSKSSRV - ok 17:34:15.0384 5836 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 17:34:15.0436 5836 MSPCLOCK - ok 17:34:15.0489 5836 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 17:34:15.0559 5836 MSPQM - ok 17:34:15.0605 5836 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 17:34:15.0642 5836 MsRPC - ok 17:34:15.0674 5836 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 17:34:15.0694 5836 mssmbios - ok 17:34:15.0731 5836 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 17:34:15.0804 5836 MSTEE - ok 17:34:15.0821 5836 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 17:34:15.0853 5836 Mup - ok 17:34:15.0909 5836 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 17:34:15.0948 5836 NativeWifiP - ok 17:34:16.0027 5836 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 17:34:16.0108 5836 NDIS - ok 17:34:16.0165 5836 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 17:34:16.0217 5836 NdisTapi - ok 17:34:16.0274 5836 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 17:34:16.0345 5836 Ndisuio - ok 17:34:16.0386 5836 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 17:34:16.0460 5836 NdisWan - ok 17:34:16.0510 5836 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 17:34:16.0572 5836 NDProxy - ok 17:34:16.0653 5836 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 17:34:16.0729 5836 NetBIOS - ok 17:34:16.0778 5836 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) 
C:\Windows\system32\DRIVERS\netbt.sys 17:34:16.0851 5836 netbt - ok 17:34:16.0977 5836 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys 17:34:17.0232 5836 NETw3v32 - ok 17:34:17.0341 5836 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys 17:34:17.0581 5836 NETw4v32 - ok 17:34:17.0626 5836 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 17:34:17.0653 5836 nfrd960 - ok 17:34:17.0725 5836 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 17:34:17.0785 5836 Npfs - ok 17:34:17.0841 5836 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 17:34:17.0906 5836 nsiproxy - ok 17:34:17.0997 5836 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 17:34:18.0205 5836 Ntfs - ok 17:34:18.0264 5836 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 17:34:18.0377 5836 ntrigdigi - ok 17:34:18.0418 5836 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 17:34:18.0488 5836 Null - ok 17:34:18.0524 5836 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 17:34:18.0554 5836 nvraid - ok 17:34:18.0583 5836 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 17:34:18.0610 5836 nvstor - ok 17:34:18.0639 5836 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 17:34:18.0670 5836 nv_agp - ok 17:34:18.0685 5836 NwlnkFlt - ok 17:34:18.0705 5836 NwlnkFwd - ok 17:34:18.0767 5836 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys 17:34:18.0885 5836 ohci1394 - ok 17:34:19.0013 5836 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 17:34:19.0106 5836 Parport - ok 17:34:19.0140 5836 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 17:34:19.0172 5836 partmgr - ok 
17:34:19.0205 5836 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 17:34:19.0283 5836 Parvdm - ok 17:34:19.0317 5836 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 17:34:19.0357 5836 pci - ok 17:34:19.0389 5836 pciide (304048c2565a803d091cca1ac945f593) C:\Windows\system32\drivers\pciide.sys 17:34:19.0416 5836 pciide - ok 17:34:19.0477 5836 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 17:34:19.0513 5836 pcmcia - ok 17:34:19.0591 5836 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 17:34:19.0890 5836 PEAUTH - ok 17:34:19.0988 5836 PhilCap (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys 17:34:20.0101 5836 PhilCap - ok 17:34:20.0227 5836 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 17:34:20.0300 5836 PptpMiniport - ok 17:34:20.0343 5836 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 17:34:20.0455 5836 Processor - ok 17:34:20.0510 5836 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 17:34:20.0550 5836 PSched - ok 17:34:20.0631 5836 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 17:34:20.0790 5836 ql2300 - ok 17:34:20.0817 5836 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 17:34:20.0848 5836 ql40xx - ok 17:34:20.0905 5836 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 17:34:20.0954 5836 QWAVEdrv - ok 17:34:21.0057 5836 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys 17:34:21.0332 5836 R300 - ok 17:34:21.0412 5836 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 17:34:21.0483 5836 RasAcd - ok 17:34:21.0542 5836 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:34:21.0619 5836 Rasl2tp - ok 17:34:21.0659 
5836 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 17:34:21.0722 5836 RasPppoe - ok 17:34:21.0764 5836 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 17:34:21.0815 5836 RasSstp - ok 17:34:21.0858 5836 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 17:34:21.0932 5836 rdbss - ok 17:34:21.0986 5836 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:34:22.0053 5836 RDPCDD - ok 17:34:22.0104 5836 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 17:34:22.0218 5836 rdpdr - ok 17:34:22.0257 5836 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 17:34:22.0320 5836 RDPENCDD - ok 17:34:22.0376 5836 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 17:34:22.0455 5836 RDPWD - ok 17:34:22.0527 5836 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys 17:34:22.0587 5836 RMCAST - ok 17:34:22.0648 5836 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 17:34:22.0714 5836 rspndr - ok 17:34:22.0756 5836 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys 17:34:22.0842 5836 RTL8169 - ok 17:34:22.0884 5836 RTSTOR (d6d7c67a6df41898d9cf11c734690254) C:\Windows\system32\drivers\RTSTOR.SYS 17:34:22.0923 5836 RTSTOR - ok 17:34:22.0968 5836 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 17:34:22.0998 5836 sbp2port - ok 17:34:23.0061 5836 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 17:34:23.0171 5836 secdrv - ok 17:34:23.0231 5836 Ser2pl (cb3e852b818946f396e35a976ee6b552) C:\Windows\system32\DRIVERS\ser2pl.sys 17:34:23.0302 5836 Ser2pl - ok 17:34:23.0328 5836 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys 17:34:23.0450 5836 Serenum - ok 17:34:23.0474 5836 Serial 
(c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys 17:34:23.0587 5836 Serial - ok 17:34:23.0629 5836 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 17:34:23.0686 5836 sermouse - ok 17:34:23.0729 5836 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 17:34:23.0829 5836 sffdisk - ok 17:34:23.0859 5836 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 17:34:23.0959 5836 sffp_mmc - ok 17:34:23.0995 5836 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 17:34:24.0092 5836 sffp_sd - ok 17:34:24.0115 5836 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 17:34:24.0213 5836 sfloppy - ok 17:34:24.0288 5836 Si3531 (4346d5bbdde7756d8614a3f193d60984) C:\Windows\system32\DRIVERS\Si3531.sys 17:34:24.0311 5836 Si3531 - ok 17:34:24.0338 5836 SiFilter (e853c341bbf4ac0007a8db0858dbb09d) C:\Windows\system32\DRIVERS\SiWinAcc.sys 17:34:24.0359 5836 SiFilter - ok 17:34:24.0386 5836 SiRemFil (d80e6f142eb4963e82a8537dd745f51b) C:\Windows\system32\DRIVERS\SiRemFil.sys 17:34:24.0407 5836 SiRemFil - ok 17:34:24.0431 5836 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 17:34:24.0458 5836 SiSRaid2 - ok 17:34:24.0488 5836 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 17:34:24.0518 5836 SiSRaid4 - ok 17:34:24.0573 5836 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 17:34:24.0639 5836 Smb - ok 17:34:24.0690 5836 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 17:34:24.0717 5836 spldr - ok 17:34:24.0802 5836 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 17:34:24.0868 5836 srv - ok 17:34:24.0937 5836 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 17:34:24.0992 5836 srv2 - ok 17:34:25.0084 5836 srvnet 
(7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 17:34:25.0142 5836 srvnet - ok 17:34:25.0207 5836 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 17:34:25.0230 5836 ssmdrv - ok 17:34:25.0318 5836 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 17:34:25.0343 5836 swenum - ok 17:34:25.0392 5836 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 17:34:25.0420 5836 Symc8xx - ok 17:34:25.0441 5836 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 17:34:25.0467 5836 Sym_hi - ok 17:34:25.0490 5836 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 17:34:25.0517 5836 Sym_u3 - ok 17:34:25.0567 5836 SynTP (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys 17:34:25.0601 5836 SynTP - ok 17:34:25.0721 5836 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 17:34:25.0813 5836 Tcpip - ok 17:34:25.0870 5836 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 17:34:25.0940 5836 Tcpip6 - ok 17:34:25.0982 5836 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 17:34:26.0046 5836 tcpipreg - ok 17:34:26.0101 5836 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 17:34:26.0176 5836 TDPIPE - ok 17:34:26.0221 5836 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 17:34:26.0293 5836 TDTCP - ok 17:34:26.0345 5836 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 17:34:26.0408 5836 tdx - ok 17:34:26.0445 5836 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 17:34:26.0476 5836 TermDD - ok 17:34:26.0565 5836 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:34:26.0635 5836 tssecsrv - ok 17:34:26.0785 5836 TuneUpUtilitiesDrv 
(f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 17:34:26.0805 5836 TuneUpUtilitiesDrv - ok 17:34:26.0874 5836 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 17:34:26.0920 5836 tunmp - ok 17:34:26.0968 5836 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 17:34:27.0013 5836 tunnel - ok 17:34:27.0060 5836 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys 17:34:27.0087 5836 uagp35 - ok 17:34:27.0131 5836 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 17:34:27.0184 5836 udfs - ok 17:34:27.0227 5836 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 17:34:27.0254 5836 uliagpkx - ok 17:34:27.0288 5836 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 17:34:27.0321 5836 uliahci - ok 17:34:27.0348 5836 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 17:34:27.0378 5836 UlSata - ok 17:34:27.0410 5836 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 17:34:27.0442 5836 ulsata2 - ok 17:34:27.0497 5836 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 17:34:27.0551 5836 umbus - ok 17:34:27.0624 5836 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 17:34:27.0694 5836 usbccgp - ok 17:34:27.0735 5836 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 17:34:27.0854 5836 usbcir - ok 17:34:27.0909 5836 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 17:34:27.0964 5836 usbehci - ok 17:34:28.0013 5836 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 17:34:28.0079 5836 usbhub - ok 17:34:28.0121 5836 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 17:34:28.0230 5836 usbohci - ok 
17:34:28.0275 5836 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 17:34:28.0343 5836 usbprint - ok 17:34:28.0422 5836 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 17:34:28.0465 5836 usbscan - ok 17:34:28.0507 5836 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:34:28.0546 5836 USBSTOR - ok 17:34:28.0602 5836 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 17:34:28.0655 5836 usbuhci - ok 17:34:28.0710 5836 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys 17:34:28.0830 5836 usbvideo - ok 17:34:28.0885 5836 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 17:34:28.0989 5836 vga - ok 17:34:29.0046 5836 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 17:34:29.0122 5836 VgaSave - ok 17:34:29.0160 5836 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 17:34:29.0186 5836 viaagp - ok 17:34:29.0212 5836 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 17:34:29.0315 5836 ViaC7 - ok 17:34:29.0348 5836 viaide (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys 17:34:29.0374 5836 viaide - ok 17:34:29.0406 5836 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 17:34:29.0434 5836 volmgr - ok 17:34:29.0497 5836 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 17:34:29.0539 5836 volmgrx - ok 17:34:29.0578 5836 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 17:34:29.0618 5836 volsnap - ok 17:34:29.0672 5836 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 17:34:29.0700 5836 vsmraid - ok 17:34:29.0740 5836 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 17:34:29.0840 5836 WacomPen - ok 
17:34:29.0891 5836 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 17:34:29.0946 5836 Wanarp - ok 17:34:29.0953 5836 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 17:34:30.0006 5836 Wanarpv6 - ok 17:34:30.0070 5836 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 17:34:30.0094 5836 Wd - ok 17:34:30.0146 5836 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 17:34:30.0196 5836 Wdf01000 - ok 17:34:30.0304 5836 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys 17:34:30.0373 5836 winusb - ok 17:34:30.0425 5836 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 17:34:30.0483 5836 WmiAcpi - ok 17:34:30.0577 5836 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 17:34:30.0652 5836 WpdUsb - ok 17:34:30.0735 5836 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 17:34:30.0807 5836 ws2ifsl - ok 17:34:30.0873 5836 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:34:30.0948 5836 WUDFRd - ok 17:34:31.0016 5836 X10Hid (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys 17:34:31.0037 5836 X10Hid - ok 17:34:31.0081 5836 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys 17:34:31.0097 5836 XUIF - ok 17:34:31.0126 5836 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 17:34:31.0256 5836 \Device\Harddisk0\DR0 - ok 17:34:31.0263 5836 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2 17:34:31.0444 5836 \Device\Harddisk2\DR2 - ok 17:34:31.0449 5836 Boot (0x1200) (5b325fa6da193ac1f8b5ac3e1edfa415) \Device\Harddisk0\DR0\Partition0 17:34:31.0450 5836 \Device\Harddisk0\DR0\Partition0 - ok 17:34:31.0458 5836 Boot (0x1200) (f5bba773cc17d10c649b6715d81d63ad) \Device\Harddisk0\DR0\Partition1 17:34:31.0460 5836 
\Device\Harddisk0\DR0\Partition1 - ok 17:34:31.0469 5836 Boot (0x1200) (0b987d3983c4e08162e15b213dd4a995) \Device\Harddisk2\DR2\Partition0 17:34:31.0471 5836 \Device\Harddisk2\DR2\Partition0 - ok 17:34:31.0473 5836 ============================================================ 17:34:31.0473 5836 Scan finished 17:34:31.0473 5836 ============================================================ 17:34:31.0495 6080 Detected object count: 0 17:34:31.0495 6080 Actual detected object count: 0 |
02.01.2012, 20:49 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Files now only appear as shortcuts on external HDD Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote:
__________________ Please always post logfiles in CODE tags |
03.01.2012, 12:09 | #12 |
| Files now only appear as shortcuts on external HDD ComboFix logfile: Code:
ATTFilter ComboFix 12-01-03.03 - Dennis 03.01.2012 11:36:20.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.359 [GMT 1:00] ausgeführt von:: c:\users\Dennis\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Downloaded Program Files\IDropPTB.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-03 bis 2012-01-03 )))))))))))))))))))))))))))))) . . 2012-01-03 10:49 . 2012-01-03 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-03 10:27 . 2012-01-03 10:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2C4E30D-A180-4368-9BD1-3AED2CD2B7D1}\offreg.dll 2012-01-03 10:27 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2C4E30D-A180-4368-9BD1-3AED2CD2B7D1}\mpengine.dll 2012-01-02 11:27 . 2012-01-02 11:27 -------- d-----w- C:\_OTL 2011-12-30 15:39 . 2011-12-30 15:39 -------- d-----w- c:\programdata\Malwarebytes 2011-12-30 15:39 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-28 19:17 . 2011-12-28 19:17 -------- d-----w- c:\program files\ESET 2011-12-28 13:55 . 2011-12-28 13:55 -------- d-----w- c:\users\Dennis\AppData\Roaming\Avira 2011-12-28 13:44 . 2011-12-28 17:47 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-12-28 13:44 . 2011-12-28 17:47 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-12-28 13:44 . 2011-12-28 13:44 -------- d-----w- c:\program files\Avira 2011-12-16 15:18 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-12-16 15:18 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-12-16 15:18 . 
2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-12-16 15:18 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-12-16 15:18 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-12-16 15:18 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-16 15:18 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 17:29 . 2011-11-23 17:29 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-18 15:39 . 2011-09-30 18:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-15 13:29 . 2009-10-02 17:18 222080 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-25 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400] "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-09-04 2560000] "Skytel"="Skytel.exe" [2007-08-03 1826816] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-01-08 20:17 52256 ----a-w- c:\program files\Home Cinema\PowerDVD\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-02-09 18:51 71216 ----a-w- c:\program files\Home Cinema\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-12-25 21:37 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] 2007-02-09 13:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 133104] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 133104] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736] S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-12-28 340136] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-28 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-28 428200] S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864] S2 MDESIGN License Manager;MDESIGN License Manager;d:\mdesign\MDESIGN\lmgrd.exe [2006-06-30 1339392] S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 1681408] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256] S3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064] S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976] . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HPService REG_MULTI_SZ HPSLPSVC . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2012-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 18:07] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 18:07] . 2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{2CA5B97C-2E80-401D-B6D3-12ED15CD9318}.job - c:\windows\system32\msfeedssync.exe [2011-12-16 04:44] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 94.31.65.69 DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1218381716 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . . ------- Dateityp-Verknüpfung ------- . .scr=AutoCADScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-01-03 11:49 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . c:\windows\TEMP\TMP0000003AFA0921435EEDC3FE 524288 bytes . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-01-03 11:53:45 ComboFix-quarantined-files.txt 2012-01-03 10:53 . Vor Suchlauf: 10 Verzeichnis(se), 34.193.080.320 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 34.797.125.632 Bytes frei . - - End Of File - - 6EC96E7D81450F41335B7E838A59A41B |
03.01.2012, 19:54 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Files now only appear as shortcuts on external HDD OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, simply leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable your virus scanner; McAfee's scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being instructed to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.
03.01.2012, 21:52 | #14 |
| Files now only appear as shortcuts on external HDD OSAM logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:51:06 on 03.01.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\ddbaccpl.cpl "ddbacctm.cpl" - "DataDesign AG" - C:\Windows\system32\ddbacctm.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl "styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl "trueprint.cpl" - "AuthenTec, Inc." - C:\Windows\system32\trueprint.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." 
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Dennis\AppData\Local\Temp\catchme.sys (File not found) "File Security Driver" (IKFileSec) - "PCTools Research Pty Ltd." - C:\Windows\system32\drivers\ikfilesec.sys "Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "System Filter Driver" (IKSysFlt) - "PCTools Research Pty Ltd." - C:\Windows\System32\drivers\iksysflt.sys "System Security Driver" (IKSysSec) - "PCTools Research Pty Ltd." - C:\Windows\System32\drivers\iksyssec.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? 
- (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? 
- (File not found | COM-object registry key not found) {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {ADC46291-D8A1-4486-A24C-86FFB392AEFA} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll {5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll {AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {27887764-0D0A-4C3C-B0C6-91A332FFF6A7} "DWFVShellExt Class" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\DWF Common\DWF_VShell.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - ? 
- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - ? - (File not found | COM-object registry key not found) {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? 
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? - (File not found | COM-object registry key not found) {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? - (File not found | COM-object registry key not found) {CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "TIShelEx Shell Extension" - ? - (File not found | COM-object registry key not found) {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) {ABE00001-0123-ABED-1248-0248ADFA1909} "Zoom Player ShellExt" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? 
- (File not found | COM-object registry key not found) -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Program Files\DivX\DivX Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx / hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1225031161 {BA162249-F2C5-4851-8ADC-FC58CB424243} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1218381716 {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MineSweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}" - ? - (File not found | COM-object registry key not found) / hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON V3 2KMonitor64" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_SL2064.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AST Service" (astcc) - "Nalpeiron Ltd." - C:\Windows\system32\AstSrv.exe
"Autodesk Data Management Job Dispatch" (Autodesk Data Management Job Dispatch) - "Autodesk" - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
"Autodesk Licensing Service" (Autodesk Licensing Service) - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe
"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MDESIGN License Manager" (MDESIGN License Manager) - "Macrovision Corporation" - D:\MDESIGN\MDESIGN\lmgrd.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PC Tools Auxiliary Service" (sdAuxService) - ? - C:\Program Files\Spyware Doctor\pctsAuxs.exe (File not found)
"PC Tools Security Service" (sdCoreService) - ? - C:\Program Files\Spyware Doctor\pctsSvc.exe (File not found)
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
"Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe
"SQL Server (AUTODESKVAULT)" (MSSQL$AUTODESKVAULT) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
03.01.2012, 22:25 | #15 |
Files only shown as shortcuts on external hard drive
Code:
aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2012-01-03 21:55:25
-----------------------------
21:55:25.149 OS Version: Windows 6.0.6002 Service Pack 2
21:55:25.150 Number of processors: 2 586 0xF0D
21:55:25.156 ComputerName: DENNIS-PC UserName: Dennis
21:55:26.023 Initialize success
21:56:06.313 AVAST engine defs: 12010300
21:56:38.379 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:56:38.383 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
21:56:38.395 Disk 0 MBR read successfully
21:56:38.400 Disk 0 MBR scan
21:56:38.410 Disk 0 Windows VISTA default MBR code
21:56:38.415 Disk 0 Partition - 00 0F Extended LBA 27093 MB offset 257088195
21:56:38.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 125531 MB offset 63
21:56:38.454 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 27093 MB offset 257088258
21:56:38.469 Disk 0 scanning sectors +312576705
21:56:38.553 Disk 0 scanning C:\Windows\system32\drivers
21:56:56.969 Service scanning
21:56:58.762 Modules scanning
21:57:06.458 Disk 0 trace - called modules:
21:57:06.487 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:57:06.496 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864b5668]
21:57:06.505 3 CLASSPNP.SYS[887bc8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8560f030]
21:57:07.541 AVAST engine scan C:\Windows
21:57:19.437 AVAST engine scan C:\Windows\system32
22:01:55.536 AVAST engine scan C:\Windows\system32\drivers
22:02:13.560 AVAST engine scan C:\Users\Dennis
22:16:06.171 AVAST engine scan C:\ProgramData
22:19:48.846 Scan finished successfully
22:24:35.903 Disk 0 MBR has been saved successfully to "C:\Users\Dennis\Documents\MBR.dat"
22:24:35.919 The log file has been saved successfully to "C:\Users\Dennis\Documents\aswMBR.txt"