| |
| |||||||
Log-Analyse und Auswertung: Dateien nur noch als Verknüpfung auf externer FPWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
29.12.2011, 13:53
| #1 |
 |  Dateien nur noch als Verknüpfung auf externer FP Hallo Community. Ich habe mich ein wenig belesen, was die Probleme betrifft und musste feststellen, dass viele das gleiche o.g. Problem haben wie ich. Cosinus, du hast hier ne nette Anleitung vor geraumer Zeit gepostet, was den "Eset-onlne-scanner" betrifft. Ich habe mich der Sache mal angenommen und die Log-File erstellen lassen, die wie folgt aussieht: (bedanke mich schonmal im vorraus für die Hilfe) Zitat: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=6aba6c256269cb4e822ab4b56cccff39 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-12-29 12:43:36 # local_time=2011-12-29 01:43:36 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 23747 23747 0 0 # compatibility_mode=2560 16777215 100 0 0 0 0 0 # compatibility_mode=5892 16776573 100 100 23669 162632749 0 0 # compatibility_mode=8192 67108863 100 0 3776 3776 0 0 # scanned=211215 # found=15 # cleaned=0 # scan_time=19394 C:\Program Files\PDFCreator\Toolbar\is-6TBMF.tmp Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I F:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\Bewerbungen.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\Bilder.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\HD-Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\Musik-Alben.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\Musik.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\Soundtrack-Alben.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\System Volume Information.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\Videos.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\$RECYCLE.BIN\S-1-5-21-1235014147-1984952320-3779526693-1000\$RGDOKL9.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB\Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB\HD-Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB\Videos.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I |
|
29.12.2011, 18:00
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Dateien nur noch als Verknüpfung auf externer FP Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ |
|
31.12.2011, 02:49
| #3 |
| | Dateien nur noch als Verknüpfung auf externer FP Hi cosinus,
__________________hier mal die ergebnisse von malewarebytes: zitat: "Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2011.12.30.02 Windows Vista Service Pack 2 x86 FAT32 Internet Explorer 8.0.6001.19170 Dennis :: DENNIS-PC [Administrator] 30.12.2011 16:40:51 mbam-log-2011-12-30 (16-40-51).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 385919 Laufzeit: 2 Stunde(n), 12 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)" was sagt mir das jetzt? nichts gefunden mit diesem prog...was nun? lg |
|
31.12.2011, 10:55
| #4 |
| | Dateien nur noch als Verknüpfung auf externer FP habe hier noch 3 ältere gefunden.... (im anhang) lg |
|
31.12.2011, 15:53
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Dateien nur noch als Verknüpfung auf externer FP Lass dir zuerst mal alle Dateien anzeigen => http://www.trojaner-board.de/59624-a...-sichtbar.html Danach sollte auch alle Ordner wieder angezeigt werden - halbtransparent, da sie noch die Atrribute "versteckt" und "system" tragen Starte anschließend die Eingabeaufforderung über Start, Alle Programme, Zubehör Musst in der Eingabeauforderung jeweils für jeden versteckten Ordner diesen Befehl ausführen: Code:
ATTFilter attrib -s -h "x:\ordner" /s /d
"ordner" muss dann der jew. richtige Ordnername sein Vgl. diesen Strang => http://www.trojaner-board.de/102950-...traeger-2.html Mach danach ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
01.01.2012, 12:56
| #6 |
| | Dateien nur noch als Verknüpfung auf externer FP ich hoffe, ich habe deine "code-anleitung" richtig interpretiert.... was ist denn mit dem "extra.txt"? brauchst du den text auch? greetz OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.01.2012 11:15:53 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dennis\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,85% Memory free 4,22 Gb Paging File | 2,75 Gb Available in Paging File | 65,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 122,59 Gb Total Space | 32,50 Gb Free Space | 26,51% Space Free | Partition Type: NTFS Drive D: | 26,45 Gb Total Space | 22,72 Gb Free Space | 85,93% Space Free | Partition Type: FAT32 Drive E: | 58,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 931,51 Gb Total Space | 534,84 Gb Free Space | 57,42% Space Free | Partition Type: NTFS Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.01 11:11:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe PRC - [2011.12.28 20:03:21 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.12.28 18:47:14 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.12.28 18:47:14 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.12.28 18:47:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.28 18:47:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.08.02 16:14:02 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.11.13 10:35:10 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2009.11.13 10:32:20 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009.04.11 07:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.30 09:49:50 | 000,385,024 | R--- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\AstSrv.exe PRC - [2008.02.18 06:37:48 | 000,032,768 | ---- | M] (Autodesk) -- C:\Programme\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe PRC - [2007.09.04 11:45:24 | 002,560,000 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe PRC - [2007.09.04 11:41:00 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe PRC - [2007.09.03 17:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.08.31 10:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2007.08.16 09:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2007.07.12 15:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.07.12 15:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.04.13 17:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe PRC - [2007.04.13 17:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe PRC - [2007.02.07 17:23:22 | 001,581,056 | ---- | M] () -- D:\MDESIGN\MDESIGN\TEDATA.exe PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.06.30 12:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) -- D:\MDESIGN\MDESIGN\lmgrd.exe PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011.12.28 20:03:21 | 000,849,368 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.09.04 11:45:54 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll MOD - [2007.09.04 11:45:24 | 002,560,000 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe MOD - [2007.09.04 11:37:26 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll MOD - [2007.09.04 11:37:14 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll MOD - [2007.09.04 11:37:02 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll MOD - [2007.09.04 11:37:00 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll MOD - [2007.09.04 11:36:54 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll MOD - [2007.09.04 11:36:48 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll MOD - [2007.09.04 11:36:44 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (sdCoreService) SRV - File not found [On_Demand | Stopped] -- -- (sdAuxService) SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService) SRV - [2011.12.28 18:47:14 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.12.28 18:47:14 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.12.28 18:47:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.12.28 18:47:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.04.21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.04.21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009.12.04 21:41:39 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.11.13 10:32:20 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.11.13 10:27:56 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.11.07 18:40:19 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009.10.02 11:45:18 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.04.11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2008.10.30 09:49:50 | 000,385,024 | R--- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\AstSrv.exe -- (astcc) SRV - [2008.02.18 06:37:48 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2007.09.04 11:39:54 | 000,040,960 | ---- | M] (Softex Inc.) [On_Demand | Stopped] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2007.08.16 09:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2007.07.12 15:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.04.13 17:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService) SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.06.30 12:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) [Auto | Running] -- D:\MDESIGN\MDESIGN\lmgrd.exe -- (MDESIGN License Manager) SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.12.28 18:47:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.12.28 18:47:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 15:30:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.02.01 10:55:52 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec) DRV - [2007.12.10 12:53:28 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec) DRV - [2007.12.10 12:53:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt) DRV - [2007.08.30 19:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2007.08.28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007.08.08 07:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007.06.01 09:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531) DRV - [2007.05.25 08:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter) DRV - [2007.05.25 08:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil) DRV - [2007.04.30 12:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.02.12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: D:\TOOLS\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.28 20:03:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.28 20:03:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2009.06.24 17:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions [2012.01.01 10:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions [2010.07.11 10:28:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.29 17:09:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.12.28 15:13:01 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-1.xml [2011.09.28 20:08:05 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-10.xml [2011.11.15 15:41:42 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-11.xml [2011.12.28 20:03:33 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-12.xml [2009.08.05 20:08:50 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-2.xml [2009.09.13 14:52:47 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-3.xml [2009.10.30 20:12:09 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-4.xml [2011.05.02 18:36:00 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-5.xml [2011.06.25 16:11:36 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-6.xml [2011.08.17 15:09:53 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-7.xml [2011.09.01 16:57:18 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-8.xml [2011.09.09 11:00:27 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-9.xml [2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin.xml [2010.06.21 09:50:56 | 000,003,915 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\sweetim.xml [2011.11.23 18:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.23 18:29:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.23 18:29:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.23 18:29:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.11.15 15:41:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.15 15:41:18 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.15 15:41:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.15 15:41:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.15 15:41:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1225031161 (Image Uploader Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1218381716 (Image Uploader Control) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game13.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.31.65.69 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1BD1AFE-2142-4FF3-B8B0-AE088816908A}: DhcpNameServer = 94.31.65.69 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.09.08 09:06:11 | 000,000,000 | -H-D | M] - E:\AutoRunSource -- [ CDFS ] O32 - AutoRun File - [2011.09.08 09:33:19 | 002,520,576 | R--- | M] (Longtion Software Inc. ) - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2011.04.14 09:47:44 | 000,095,701 | RH-- | M] () - E:\autorun.ico -- [ CDFS ] O32 - AutoRun File - [2011.09.07 15:32:56 | 000,000,063 | RH-- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.03.01 11:16:59 | 000,211,164 | RH-- | M] () - E:\autorun.tgt -- [ CDFS ] O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell - "" = AutoRun O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell\AutoRun\command - "" = H:\setup.exe -a O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Programme\GoogleEULA\EULALauncher.exe ( ) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: sdauxservice - File not found SafeBootMin: sdcoreservice - File not found SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - File not found SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: sdauxservice - File not found SafeBootNet: sdcoreservice - File not found SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {3C4CA55D-C315-C489-36DE-31DB5817CCA9} - Microsoft Windows Media Player 11.0 ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5E7C766A-B2D5-42F9-338E-8F172E80EF38} - ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {734825D4-5ACB-3DA4-FA6A-600DD12F778A} - Adobe Shockwave Director 10.2 ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067) ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation) Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept) Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.01 11:11:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe [2011.12.30 16:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.30 16:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.30 16:39:06 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.28 20:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.28 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Avira [2011.12.28 14:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.28 14:44:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.12.28 14:44:42 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.12.28 14:44:42 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.12.28 14:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira ========== Files - Modified Within 30 Days ========== [2012.01.01 11:11:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe [2012.01.01 10:51:26 | 000,000,004 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Default.PLS [2012.01.01 10:50:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.01 10:42:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.01 10:42:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.01 10:26:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.01 10:24:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.01.01 10:24:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.01 10:24:33 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2011.12.30 16:40:00 | 000,787,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.30 16:40:00 | 000,727,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.30 16:40:00 | 000,189,508 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.30 16:40:00 | 000,153,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.30 16:39:10 | 000,000,481 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.30 16:15:34 | 000,125,440 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.28 18:47:15 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.12.28 18:47:15 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.12.28 14:45:05 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.12.28 14:29:06 | 000,563,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.28 14:06:21 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011.12.30 16:39:10 | 000,000,481 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.28 14:45:05 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.09.10 07:18:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.09.07 13:57:49 | 000,239,076 | ---- | C] () -- C:\Windows\hpwins26.dat [2011.09.07 13:53:49 | 000,000,941 | ---- | C] () -- C:\Windows\uninst.ini [2011.04.23 06:58:27 | 000,000,000 | ---- | C] () -- C:\Windows\wiso.ini [2010.03.08 18:41:21 | 000,105,199 | ---- | C] () -- C:\Windows\Restart.EXE [2009.09.25 19:41:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.25 19:41:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.18 07:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat [2008.11.05 18:08:13 | 000,003,976 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\wklnhst.dat [2008.08.30 02:01:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.08.20 14:39:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.07.19 04:32:16 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2008.06.19 15:45:49 | 000,000,680 | ---- | C] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat [2008.05.12 03:42:50 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.05.12 03:42:50 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.05.12 03:37:59 | 000,125,440 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.29 14:07:52 | 000,000,004 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Default.PLS [2008.01.23 14:51:32 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.23 13:48:14 | 000,000,094 | ---- | C] () -- C:\Users\Dennis\AppData\Local\fusioncache.dat [2008.01.02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008.01.02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008.01.02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008.01.02 16:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.09.19 06:56:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.09.18 19:01:37 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007.09.18 19:01:37 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007.09.18 08:38:30 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2007.09.18 08:33:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2007.09.18 08:16:24 | 000,000,216 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2007.09.12 08:36:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.09.12 08:35:40 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.09.12 08:35:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll [2007.09.12 08:35:31 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 16:33:31 | 000,787,020 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,189,508 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,563,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,727,290 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,153,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.20 06:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini [2000.04.18 03:02:00 | 000,000,110 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT ========== LOP Check ========== [2011.08.04 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Autodesk [2009.10.02 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Azureus [2010.03.01 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Buhl Data Service [2008.01.23 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BullGuard [2010.11.24 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dennis [2011.08.29 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2008.02.10 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ Toolbar [2011.08.04 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Image Zone Express [2008.05.10 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MAGIX [2010.12.07 20:26:27 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Neuer Ordner [2010.09.13 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org [2011.09.10 07:19:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\pdfforge [2009.01.21 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Printer Info Cache [2008.04.28 01:39:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Sonavis [2008.11.05 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Template [2009.12.04 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2008.04.28 01:48:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TVcentral-Core [2011.08.22 08:53:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent [2009.01.20 06:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\VMedia [2011.12.31 19:12:31 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.12.16 18:46:59 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2CA5B97C-2E80-401D-B6D3-12ED15CD9318}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.02.23 09:00:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe [2010.09.15 16:01:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Ahead [2008.11.19 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Apple Computer [2011.08.04 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Autodesk [2011.12.28 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Avira [2008.05.12 03:45:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AVS4YOU [2009.10.02 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Azureus [2010.03.01 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Buhl Data Service [2008.01.23 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BullGuard [2008.04.29 14:07:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink [2010.11.24 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dennis [2009.04.20 17:50:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX [2011.06.17 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\dvdcss [2008.01.23 14:07:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Google [2011.08.30 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\HP [2011.08.29 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2008.02.10 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ Toolbar [2008.01.23 13:47:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities [2011.08.04 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Image Zone Express [2008.02.10 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\InstallShield [2008.01.23 14:10:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia [2008.05.10 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MAGIX [2011.07.31 09:33:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs [2011.10.07 11:32:22 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft [2009.02.23 19:49:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Move Networks [2009.06.24 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla [2010.12.07 20:26:27 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Neuer Ordner [2010.09.13 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org [2008.05.07 01:26:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PC Tools [2011.09.10 07:19:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\pdfforge [2009.01.21 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Printer Info Cache [2008.11.27 07:07:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\skypePM [2008.04.28 01:39:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Sonavis [2008.11.05 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Template [2009.12.04 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2008.04.28 01:48:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TVcentral-Core [2010.09.13 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\U3 [2011.08.22 08:53:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent [2011.11.20 19:44:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc [2009.01.20 06:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\VMedia [2008.07.02 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR [2008.07.12 12:13:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2009.03.02 18:34:22 | 010,684,866 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Azureus\plugins\azump\mplayer.exe [2011.09.30 19:02:24 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Dennis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2009.11.07 18:24:42 | 000,010,134 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2009.02.06 00:56:14 | 000,097,144 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe [2009.02.23 19:49:09 | 000,034,063 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Move Networks\ie_bin\Uninst.exe [2009.01.14 11:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe [2009.03.03 12:44:48 | 000,030,160 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe [2009.03.03 12:44:55 | 000,251,344 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe [2009.03.03 12:45:08 | 000,693,712 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe [2009.03.03 12:45:05 | 001,091,024 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe [2009.03.03 12:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe [2009.03.04 08:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe [2009.03.03 12:45:15 | 000,243,152 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.04.17 09:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2007.04.17 09:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys [2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys [2007.07.12 15:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.09.18 11:09:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.09.18 11:09:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2008.01.19 08:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
|
02.01.2012, 12:21
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Dateien nur noch als Verknüpfung auf externer FP Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
[2011.12.28 15:13:01 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-1.xml
[2011.09.28 20:08:05 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-10.xml
[2011.11.15 15:41:42 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-11.xml
[2011.12.28 20:03:33 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-12.xml
[2009.08.05 20:08:50 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-2.xml
[2009.09.13 14:52:47 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-3.xml
[2009.10.30 20:12:09 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-4.xml
[2011.05.02 18:36:00 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-5.xml
[2011.06.25 16:11:36 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-6.xml
[2011.08.17 15:09:53 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-7.xml
[2011.09.01 16:57:18 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-8.xml
[2011.09.09 11:00:27 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-9.xml
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin.xml
[2010.06.21 09:50:56 | 000,003,915 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\sweetim.xml
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.08 09:06:11 | 000,000,000 | -H-D | M] - E:\AutoRunSource -- [ CDFS ]
O32 - AutoRun File - [2011.09.08 09:33:19 | 002,520,576 | R--- | M] (Longtion Software Inc. ) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.04.14 09:47:44 | 000,095,701 | RH-- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011.09.07 15:32:56 | 000,000,063 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.03.01 11:16:59 | 000,211,164 | RH-- | M] () - E:\autorun.tgt -- [ CDFS ]
O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
[2008.02.10 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ Toolbar
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
F:\*.lnk
F:\$RECYCLE.BIN\S-1-5-21*
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.01.2012, 12:44
| #8 |
| | Dateien nur noch als Verknüpfung auf externer FP hi, hier das log nach otl-fix: Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\sweetim.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.ico scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\autorun.tgt scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ not found.
File H:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
C:\Users\Dennis\AppData\Roaming\ICQ Toolbar folder moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
F:\$RECYCLE.BIN.lnk moved successfully.
F:\Bewerbungen.lnk moved successfully.
F:\Bilder.lnk moved successfully.
F:\Filme.lnk moved successfully.
F:\HD-Filme.lnk moved successfully.
F:\Musik-Alben.lnk moved successfully.
F:\Musik.lnk moved successfully.
F:\Soundtrack-Alben.lnk moved successfully.
F:\System Volume Information.lnk moved successfully.
F:\Videos.lnk moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-1235014147-1984952320-3779526693-1000 folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-2617947982-1946965418-1152030714-1000 folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-3005907653-400381532-2282554573-1000 folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003\$RW6BGAU folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003\$RLCBIEE.XviD-EMPiRE\Sample folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003\$RLCBIEE.XviD-EMPiRE folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003 folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-524960744-1537308869-899931187-1000 folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RJR72HJ folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$R4383VG folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dennis
->Temp folder emptied: 134965747 bytes
->Temporary Internet Files folder emptied: 264576074 bytes
->Java cache emptied: 21975953 bytes
->FireFox cache emptied: 122684728 bytes
->Flash cache emptied: 13548041 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 106498628 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 634,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01022012_122757
Files\Folders moved on Reboot...
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.ico scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\autorun.tgt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JETBB04.tmp not found!
C:\Windows\temp\JETF314.tmp moved successfully.
Registry entries deleted on Reboot...
|
|
02.01.2012, 14:11
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Dateien nur noch als Verknüpfung auf externer FP Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.01.2012, 17:36
| #10 |
| | Dateien nur noch als Verknüpfung auf externer FP ich bin verwirrt. warum zeigt er mir nix an? habe ich in den schritten davor irgendetwas falsch gemacht? oder ist die fp nun clean? greetz Code:
ATTFilter 17:30:45.0967 1508 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
17:30:46.0164 1508 ============================================================
17:30:46.0164 1508 Current date / time: 2012/01/02 17:30:46.0164
17:30:46.0164 1508 SystemInfo:
17:30:46.0164 1508
17:30:46.0164 1508 OS Version: 6.0.6002 ServicePack: 2.0
17:30:46.0164 1508 Product type: Workstation
17:30:46.0165 1508 ComputerName: DENNIS-PC
17:30:46.0165 1508 UserName: Dennis
17:30:46.0165 1508 Windows directory: C:\Windows
17:30:46.0165 1508 System windows directory: C:\Windows
17:30:46.0165 1508 Processor architecture: Intel x86
17:30:46.0165 1508 Number of processors: 2
17:30:46.0165 1508 Page size: 0x1000
17:30:46.0165 1508 Boot type: Normal boot
17:30:46.0165 1508 ============================================================
17:30:47.0865 1508 Initialize success
17:33:58.0757 5836 ============================================================
17:33:58.0757 5836 Scan started
17:33:58.0758 5836 Mode: Manual; SigCheck; TDLFS;
17:33:58.0758 5836 ============================================================
17:34:00.0856 5836 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:34:01.0045 5836 ACPI - ok
17:34:01.0221 5836 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:34:01.0290 5836 adp94xx - ok
17:34:01.0376 5836 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:34:01.0417 5836 adpahci - ok
17:34:01.0466 5836 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:34:01.0496 5836 adpu160m - ok
17:34:01.0520 5836 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:34:01.0554 5836 adpu320 - ok
17:34:01.0659 5836 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:34:01.0766 5836 AFD - ok
17:34:01.0868 5836 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
17:34:02.0063 5836 AgereSoftModem - ok
17:34:02.0115 5836 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:34:02.0143 5836 aic78xx - ok
17:34:02.0189 5836 aliide (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
17:34:02.0216 5836 aliide - ok
17:34:02.0248 5836 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:34:02.0277 5836 amdagp - ok
17:34:02.0293 5836 amdide (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
17:34:02.0320 5836 amdide - ok
17:34:02.0353 5836 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:34:02.0457 5836 AmdK7 - ok
17:34:02.0484 5836 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
17:34:02.0595 5836 AmdK8 - ok
17:34:02.0717 5836 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:34:02.0745 5836 arc - ok
17:34:02.0782 5836 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:34:02.0812 5836 arcsas - ok
17:34:02.0915 5836 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:34:03.0001 5836 AsyncMac - ok
17:34:03.0050 5836 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:34:03.0079 5836 atapi - ok
17:34:03.0165 5836 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
17:34:03.0242 5836 ATSWPDRV - ok
17:34:03.0334 5836 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
17:34:03.0374 5836 avgntflt - ok
17:34:03.0398 5836 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
17:34:03.0429 5836 avipbb - ok
17:34:03.0500 5836 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:34:03.0605 5836 Beep - ok
17:34:03.0639 5836 blbdrive - ok
17:34:03.0698 5836 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:34:03.0765 5836 bowser - ok
17:34:03.0856 5836 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:34:03.0917 5836 BrFiltLo - ok
17:34:03.0958 5836 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:34:04.0028 5836 BrFiltUp - ok
17:34:04.0082 5836 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:34:04.0192 5836 Brserid - ok
17:34:04.0225 5836 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:34:04.0357 5836 BrSerWdm - ok
17:34:04.0396 5836 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:34:04.0500 5836 BrUsbMdm - ok
17:34:04.0539 5836 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:34:04.0627 5836 BrUsbSer - ok
17:34:04.0671 5836 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:34:04.0777 5836 BTHMODEM - ok
17:34:04.0878 5836 Cam5607 (48f64a84054771b2fef55606adf57557) C:\Windows\system32\Drivers\BisonC07.sys
17:34:05.0008 5836 Cam5607 - ok
17:34:05.0104 5836 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:34:05.0202 5836 cdfs - ok
17:34:05.0260 5836 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:34:05.0336 5836 cdrom - ok
17:34:05.0391 5836 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:34:05.0498 5836 circlass - ok
17:34:05.0549 5836 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:34:05.0595 5836 CLFS - ok
17:34:05.0685 5836 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:34:05.0765 5836 CmBatt - ok
17:34:05.0819 5836 cmdide (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
17:34:05.0847 5836 cmdide - ok
17:34:05.0908 5836 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:34:05.0935 5836 Compbatt - ok
17:34:05.0966 5836 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:34:05.0993 5836 crcdisk - ok
17:34:06.0024 5836 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:34:06.0133 5836 Crusoe - ok
17:34:06.0232 5836 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:34:06.0285 5836 DfsC - ok
17:34:06.0373 5836 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:34:06.0406 5836 disk - ok
17:34:06.0487 5836 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
17:34:06.0569 5836 Dot4 - ok
17:34:06.0602 5836 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:34:06.0673 5836 Dot4Print - ok
17:34:06.0707 5836 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
17:34:06.0788 5836 dot4usb - ok
17:34:06.0866 5836 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:34:06.0916 5836 drmkaud - ok
17:34:06.0970 5836 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:34:07.0028 5836 DXGKrnl - ok
17:34:07.0073 5836 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:34:07.0194 5836 E1G60 - ok
17:34:07.0258 5836 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:34:07.0300 5836 Ecache - ok
17:34:07.0367 5836 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:34:07.0408 5836 elxstor - ok
17:34:07.0482 5836 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:34:07.0545 5836 exfat - ok
17:34:07.0577 5836 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:34:07.0642 5836 fastfat - ok
17:34:07.0669 5836 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:34:07.0779 5836 fdc - ok
17:34:07.0836 5836 FETNDIS (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
17:34:07.0940 5836 FETNDIS - ok
17:34:08.0014 5836 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:34:08.0044 5836 FileInfo - ok
17:34:08.0101 5836 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:34:08.0164 5836 Filetrace - ok
17:34:08.0207 5836 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:34:08.0313 5836 flpydisk - ok
17:34:08.0372 5836 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:34:08.0413 5836 FltMgr - ok
17:34:08.0506 5836 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:34:08.0567 5836 Fs_Rec - ok
17:34:08.0605 5836 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:34:08.0635 5836 gagp30kx - ok
17:34:08.0756 5836 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:34:08.0941 5836 HdAudAddService - ok
17:34:09.0002 5836 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:34:09.0127 5836 HDAudBus - ok
17:34:09.0157 5836 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:34:09.0277 5836 HidBth - ok
17:34:09.0309 5836 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:34:09.0419 5836 HidIr - ok
17:34:09.0479 5836 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:34:09.0522 5836 HidUsb - ok
17:34:09.0559 5836 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:34:09.0587 5836 HpCISSs - ok
17:34:09.0646 5836 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:34:09.0798 5836 HTTP - ok
17:34:09.0864 5836 hwdatacard - ok
17:34:09.0898 5836 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:34:09.0923 5836 i2omp - ok
17:34:10.0000 5836 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:34:10.0067 5836 i8042prt - ok
17:34:10.0132 5836 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
17:34:10.0156 5836 iaStor - ok
17:34:10.0191 5836 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:34:10.0229 5836 iaStorV - ok
17:34:10.0333 5836 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:34:10.0610 5836 igfx - ok
17:34:10.0658 5836 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:34:10.0685 5836 iirsp - ok
17:34:10.0742 5836 IKFileSec (3d8a88bd1e6a640807691198a8342e8c) C:\Windows\system32\drivers\ikfilesec.sys
17:34:10.0766 5836 IKFileSec - ok
17:34:10.0797 5836 IKSysFlt (7583e2211097d273fca4e3fce04f639f) C:\Windows\system32\drivers\iksysflt.sys
17:34:10.0823 5836 IKSysFlt - ok
17:34:10.0855 5836 IKSysSec (2402f65f1eca5159c8f0f16066f4bded) C:\Windows\system32\drivers\iksyssec.sys
17:34:10.0880 5836 IKSysSec - ok
17:34:11.0016 5836 IntcAzAudAddService (0f16d98c3af2138fabfa20adde4e01fe) C:\Windows\system32\drivers\RTKVHDA.sys
17:34:11.0358 5836 IntcAzAudAddService - ok
17:34:11.0504 5836 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:34:11.0531 5836 intelide - ok
17:34:11.0713 5836 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:34:11.0777 5836 intelppm - ok
17:34:11.0862 5836 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:34:11.0933 5836 IpFilterDriver - ok
17:34:11.0952 5836 IpInIp - ok
17:34:12.0004 5836 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:34:12.0112 5836 IPMIDRV - ok
17:34:12.0168 5836 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:34:12.0240 5836 IPNAT - ok
17:34:12.0281 5836 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:34:12.0361 5836 IRENUM - ok
17:34:12.0404 5836 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:34:12.0432 5836 isapnp - ok
17:34:12.0485 5836 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:34:12.0512 5836 iScsiPrt - ok
17:34:12.0536 5836 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:34:12.0562 5836 iteatapi - ok
17:34:12.0596 5836 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:34:12.0623 5836 iteraid - ok
17:34:12.0669 5836 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:34:12.0697 5836 kbdclass - ok
17:34:12.0737 5836 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:34:12.0792 5836 kbdhid - ok
17:34:12.0860 5836 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
17:34:12.0932 5836 KSecDD - ok
17:34:13.0032 5836 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:34:13.0134 5836 lltdio - ok
17:34:13.0197 5836 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:34:13.0225 5836 LSI_FC - ok
17:34:13.0252 5836 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:34:13.0281 5836 LSI_SAS - ok
17:34:13.0303 5836 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:34:13.0332 5836 LSI_SCSI - ok
17:34:13.0391 5836 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:34:13.0469 5836 luafv - ok
17:34:13.0531 5836 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:34:13.0557 5836 megasas - ok
17:34:13.0636 5836 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:34:13.0700 5836 Modem - ok
17:34:13.0758 5836 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:34:13.0821 5836 monitor - ok
17:34:13.0875 5836 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:34:13.0902 5836 mouclass - ok
17:34:13.0925 5836 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:34:13.0979 5836 mouhid - ok
17:34:14.0059 5836 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:34:14.0089 5836 MountMgr - ok
17:34:14.0150 5836 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:34:14.0182 5836 mpio - ok
17:34:14.0241 5836 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:34:14.0297 5836 mpsdrv - ok
17:34:14.0335 5836 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:34:14.0363 5836 Mraid35x - ok
17:34:14.0403 5836 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:34:14.0463 5836 MRxDAV - ok
17:34:14.0549 5836 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:34:14.0604 5836 mrxsmb - ok
17:34:14.0660 5836 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:34:14.0720 5836 mrxsmb10 - ok
17:34:14.0749 5836 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:34:14.0801 5836 mrxsmb20 - ok
17:34:14.0848 5836 msahci (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
17:34:14.0875 5836 msahci - ok
17:34:14.0906 5836 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:34:14.0937 5836 msdsm - ok
17:34:15.0024 5836 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:34:15.0093 5836 Msfs - ok
17:34:15.0173 5836 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:34:15.0199 5836 msisadrv - ok
17:34:15.0268 5836 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:34:15.0336 5836 MSKSSRV - ok
17:34:15.0384 5836 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:34:15.0436 5836 MSPCLOCK - ok
17:34:15.0489 5836 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:34:15.0559 5836 MSPQM - ok
17:34:15.0605 5836 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:34:15.0642 5836 MsRPC - ok
17:34:15.0674 5836 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:34:15.0694 5836 mssmbios - ok
17:34:15.0731 5836 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:34:15.0804 5836 MSTEE - ok
17:34:15.0821 5836 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:34:15.0853 5836 Mup - ok
17:34:15.0909 5836 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:34:15.0948 5836 NativeWifiP - ok
17:34:16.0027 5836 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:34:16.0108 5836 NDIS - ok
17:34:16.0165 5836 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:34:16.0217 5836 NdisTapi - ok
17:34:16.0274 5836 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:34:16.0345 5836 Ndisuio - ok
17:34:16.0386 5836 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:34:16.0460 5836 NdisWan - ok
17:34:16.0510 5836 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:34:16.0572 5836 NDProxy - ok
17:34:16.0653 5836 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:34:16.0729 5836 NetBIOS - ok
17:34:16.0778 5836 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:34:16.0851 5836 netbt - ok
17:34:16.0977 5836 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
17:34:17.0232 5836 NETw3v32 - ok
17:34:17.0341 5836 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
17:34:17.0581 5836 NETw4v32 - ok
17:34:17.0626 5836 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:34:17.0653 5836 nfrd960 - ok
17:34:17.0725 5836 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:34:17.0785 5836 Npfs - ok
17:34:17.0841 5836 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:34:17.0906 5836 nsiproxy - ok
17:34:17.0997 5836 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:34:18.0205 5836 Ntfs - ok
17:34:18.0264 5836 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:34:18.0377 5836 ntrigdigi - ok
17:34:18.0418 5836 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:34:18.0488 5836 Null - ok
17:34:18.0524 5836 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:34:18.0554 5836 nvraid - ok
17:34:18.0583 5836 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:34:18.0610 5836 nvstor - ok
17:34:18.0639 5836 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:34:18.0670 5836 nv_agp - ok
17:34:18.0685 5836 NwlnkFlt - ok
17:34:18.0705 5836 NwlnkFwd - ok
17:34:18.0767 5836 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
17:34:18.0885 5836 ohci1394 - ok
17:34:19.0013 5836 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
17:34:19.0106 5836 Parport - ok
17:34:19.0140 5836 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:34:19.0172 5836 partmgr - ok
17:34:19.0205 5836 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
17:34:19.0283 5836 Parvdm - ok
17:34:19.0317 5836 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:34:19.0357 5836 pci - ok
17:34:19.0389 5836 pciide (304048c2565a803d091cca1ac945f593) C:\Windows\system32\drivers\pciide.sys
17:34:19.0416 5836 pciide - ok
17:34:19.0477 5836 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:34:19.0513 5836 pcmcia - ok
17:34:19.0591 5836 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:34:19.0890 5836 PEAUTH - ok
17:34:19.0988 5836 PhilCap (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys
17:34:20.0101 5836 PhilCap - ok
17:34:20.0227 5836 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:34:20.0300 5836 PptpMiniport - ok
17:34:20.0343 5836 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:34:20.0455 5836 Processor - ok
17:34:20.0510 5836 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:34:20.0550 5836 PSched - ok
17:34:20.0631 5836 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:34:20.0790 5836 ql2300 - ok
17:34:20.0817 5836 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:34:20.0848 5836 ql40xx - ok
17:34:20.0905 5836 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:34:20.0954 5836 QWAVEdrv - ok
17:34:21.0057 5836 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
17:34:21.0332 5836 R300 - ok
17:34:21.0412 5836 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:34:21.0483 5836 RasAcd - ok
17:34:21.0542 5836 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:34:21.0619 5836 Rasl2tp - ok
17:34:21.0659 5836 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:34:21.0722 5836 RasPppoe - ok
17:34:21.0764 5836 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:34:21.0815 5836 RasSstp - ok
17:34:21.0858 5836 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:34:21.0932 5836 rdbss - ok
17:34:21.0986 5836 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:34:22.0053 5836 RDPCDD - ok
17:34:22.0104 5836 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:34:22.0218 5836 rdpdr - ok
17:34:22.0257 5836 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:34:22.0320 5836 RDPENCDD - ok
17:34:22.0376 5836 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:34:22.0455 5836 RDPWD - ok
17:34:22.0527 5836 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
17:34:22.0587 5836 RMCAST - ok
17:34:22.0648 5836 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:34:22.0714 5836 rspndr - ok
17:34:22.0756 5836 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
17:34:22.0842 5836 RTL8169 - ok
17:34:22.0884 5836 RTSTOR (d6d7c67a6df41898d9cf11c734690254) C:\Windows\system32\drivers\RTSTOR.SYS
17:34:22.0923 5836 RTSTOR - ok
17:34:22.0968 5836 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:34:22.0998 5836 sbp2port - ok
17:34:23.0061 5836 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:34:23.0171 5836 secdrv - ok
17:34:23.0231 5836 Ser2pl (cb3e852b818946f396e35a976ee6b552) C:\Windows\system32\DRIVERS\ser2pl.sys
17:34:23.0302 5836 Ser2pl - ok
17:34:23.0328 5836 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
17:34:23.0450 5836 Serenum - ok
17:34:23.0474 5836 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
17:34:23.0587 5836 Serial - ok
17:34:23.0629 5836 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:34:23.0686 5836 sermouse - ok
17:34:23.0729 5836 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:34:23.0829 5836 sffdisk - ok
17:34:23.0859 5836 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:34:23.0959 5836 sffp_mmc - ok
17:34:23.0995 5836 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:34:24.0092 5836 sffp_sd - ok
17:34:24.0115 5836 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:34:24.0213 5836 sfloppy - ok
17:34:24.0288 5836 Si3531 (4346d5bbdde7756d8614a3f193d60984) C:\Windows\system32\DRIVERS\Si3531.sys
17:34:24.0311 5836 Si3531 - ok
17:34:24.0338 5836 SiFilter (e853c341bbf4ac0007a8db0858dbb09d) C:\Windows\system32\DRIVERS\SiWinAcc.sys
17:34:24.0359 5836 SiFilter - ok
17:34:24.0386 5836 SiRemFil (d80e6f142eb4963e82a8537dd745f51b) C:\Windows\system32\DRIVERS\SiRemFil.sys
17:34:24.0407 5836 SiRemFil - ok
17:34:24.0431 5836 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:34:24.0458 5836 SiSRaid2 - ok
17:34:24.0488 5836 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:34:24.0518 5836 SiSRaid4 - ok
17:34:24.0573 5836 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:34:24.0639 5836 Smb - ok
17:34:24.0690 5836 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:34:24.0717 5836 spldr - ok
17:34:24.0802 5836 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:34:24.0868 5836 srv - ok
17:34:24.0937 5836 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:34:24.0992 5836 srv2 - ok
17:34:25.0084 5836 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:34:25.0142 5836 srvnet - ok
17:34:25.0207 5836 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:34:25.0230 5836 ssmdrv - ok
17:34:25.0318 5836 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:34:25.0343 5836 swenum - ok
17:34:25.0392 5836 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:34:25.0420 5836 Symc8xx - ok
17:34:25.0441 5836 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:34:25.0467 5836 Sym_hi - ok
17:34:25.0490 5836 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:34:25.0517 5836 Sym_u3 - ok
17:34:25.0567 5836 SynTP (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys
17:34:25.0601 5836 SynTP - ok
17:34:25.0721 5836 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:34:25.0813 5836 Tcpip - ok
17:34:25.0870 5836 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:34:25.0940 5836 Tcpip6 - ok
17:34:25.0982 5836 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:34:26.0046 5836 tcpipreg - ok
17:34:26.0101 5836 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:34:26.0176 5836 TDPIPE - ok
17:34:26.0221 5836 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:34:26.0293 5836 TDTCP - ok
17:34:26.0345 5836 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:34:26.0408 5836 tdx - ok
17:34:26.0445 5836 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:34:26.0476 5836 TermDD - ok
17:34:26.0565 5836 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:34:26.0635 5836 tssecsrv - ok
17:34:26.0785 5836 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
17:34:26.0805 5836 TuneUpUtilitiesDrv - ok
17:34:26.0874 5836 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:34:26.0920 5836 tunmp - ok
17:34:26.0968 5836 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:34:27.0013 5836 tunnel - ok
17:34:27.0060 5836 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys
17:34:27.0087 5836 uagp35 - ok
17:34:27.0131 5836 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:34:27.0184 5836 udfs - ok
17:34:27.0227 5836 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:34:27.0254 5836 uliagpkx - ok
17:34:27.0288 5836 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:34:27.0321 5836 uliahci - ok
17:34:27.0348 5836 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:34:27.0378 5836 UlSata - ok
17:34:27.0410 5836 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:34:27.0442 5836 ulsata2 - ok
17:34:27.0497 5836 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:34:27.0551 5836 umbus - ok
17:34:27.0624 5836 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:34:27.0694 5836 usbccgp - ok
17:34:27.0735 5836 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:34:27.0854 5836 usbcir - ok
17:34:27.0909 5836 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:34:27.0964 5836 usbehci - ok
17:34:28.0013 5836 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:34:28.0079 5836 usbhub - ok
17:34:28.0121 5836 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:34:28.0230 5836 usbohci - ok
17:34:28.0275 5836 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:34:28.0343 5836 usbprint - ok
17:34:28.0422 5836 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:34:28.0465 5836 usbscan - ok
17:34:28.0507 5836 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:34:28.0546 5836 USBSTOR - ok
17:34:28.0602 5836 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:34:28.0655 5836 usbuhci - ok
17:34:28.0710 5836 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
17:34:28.0830 5836 usbvideo - ok
17:34:28.0885 5836 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:34:28.0989 5836 vga - ok
17:34:29.0046 5836 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:34:29.0122 5836 VgaSave - ok
17:34:29.0160 5836 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:34:29.0186 5836 viaagp - ok
17:34:29.0212 5836 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:34:29.0315 5836 ViaC7 - ok
17:34:29.0348 5836 viaide (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
17:34:29.0374 5836 viaide - ok
17:34:29.0406 5836 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:34:29.0434 5836 volmgr - ok
17:34:29.0497 5836 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:34:29.0539 5836 volmgrx - ok
17:34:29.0578 5836 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:34:29.0618 5836 volsnap - ok
17:34:29.0672 5836 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:34:29.0700 5836 vsmraid - ok
17:34:29.0740 5836 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:34:29.0840 5836 WacomPen - ok
17:34:29.0891 5836 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:34:29.0946 5836 Wanarp - ok
17:34:29.0953 5836 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:34:30.0006 5836 Wanarpv6 - ok
17:34:30.0070 5836 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:34:30.0094 5836 Wd - ok
17:34:30.0146 5836 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:34:30.0196 5836 Wdf01000 - ok
17:34:30.0304 5836 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
17:34:30.0373 5836 winusb - ok
17:34:30.0425 5836 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:34:30.0483 5836 WmiAcpi - ok
17:34:30.0577 5836 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:34:30.0652 5836 WpdUsb - ok
17:34:30.0735 5836 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:34:30.0807 5836 ws2ifsl - ok
17:34:30.0873 5836 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:34:30.0948 5836 WUDFRd - ok
17:34:31.0016 5836 X10Hid (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
17:34:31.0037 5836 X10Hid - ok
17:34:31.0081 5836 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
17:34:31.0097 5836 XUIF - ok
17:34:31.0126 5836 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:34:31.0256 5836 \Device\Harddisk0\DR0 - ok
17:34:31.0263 5836 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
17:34:31.0444 5836 \Device\Harddisk2\DR2 - ok
17:34:31.0449 5836 Boot (0x1200) (5b325fa6da193ac1f8b5ac3e1edfa415) \Device\Harddisk0\DR0\Partition0
17:34:31.0450 5836 \Device\Harddisk0\DR0\Partition0 - ok
17:34:31.0458 5836 Boot (0x1200) (f5bba773cc17d10c649b6715d81d63ad) \Device\Harddisk0\DR0\Partition1
17:34:31.0460 5836 \Device\Harddisk0\DR0\Partition1 - ok
17:34:31.0469 5836 Boot (0x1200) (0b987d3983c4e08162e15b213dd4a995) \Device\Harddisk2\DR2\Partition0
17:34:31.0471 5836 \Device\Harddisk2\DR2\Partition0 - ok
17:34:31.0473 5836 ============================================================
17:34:31.0473 5836 Scan finished
17:34:31.0473 5836 ============================================================
17:34:31.0495 6080 Detected object count: 0
17:34:31.0495 6080 Actual detected object count: 0
|
|
02.01.2012, 20:49
| #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Dateien nur noch als Verknüpfung auf externer FP Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.01.2012, 12:09
| #12 |
| | Dateien nur noch als Verknüpfung auf externer FP Combofix Logfile: Code:
ATTFilter ComboFix 12-01-03.03 - Dennis 03.01.2012 11:36:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.359 [GMT 1:00]
ausgeführt von:: c:\users\Dennis\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\IDropPTB.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-03 bis 2012-01-03 ))))))))))))))))))))))))))))))
.
.
2012-01-03 10:49 . 2012-01-03 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-03 10:27 . 2012-01-03 10:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2C4E30D-A180-4368-9BD1-3AED2CD2B7D1}\offreg.dll
2012-01-03 10:27 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2C4E30D-A180-4368-9BD1-3AED2CD2B7D1}\mpengine.dll
2012-01-02 11:27 . 2012-01-02 11:27 -------- d-----w- C:\_OTL
2011-12-30 15:39 . 2011-12-30 15:39 -------- d-----w- c:\programdata\Malwarebytes
2011-12-30 15:39 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 19:17 . 2011-12-28 19:17 -------- d-----w- c:\program files\ESET
2011-12-28 13:55 . 2011-12-28 13:55 -------- d-----w- c:\users\Dennis\AppData\Roaming\Avira
2011-12-28 13:44 . 2011-12-28 17:47 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-28 13:44 . 2011-12-28 17:47 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-28 13:44 . 2011-12-28 13:44 -------- d-----w- c:\program files\Avira
2011-12-16 15:18 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-16 15:18 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-16 15:18 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-16 15:18 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-16 15:18 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-16 15:18 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-16 15:18 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 17:29 . 2011-11-23 17:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-18 15:39 . 2011-09-30 18:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 13:29 . 2009-10-02 17:18 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-25 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-09-04 2560000]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\Home Cinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 18:51 71216 ----a-w- c:\program files\Home Cinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-25 21:37 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 13:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 133104]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-12-28 340136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-28 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-28 428200]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 MDESIGN License Manager;MDESIGN License Manager;d:\mdesign\MDESIGN\lmgrd.exe [2006-06-30 1339392]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 1681408]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256]
S3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPService REG_MULTI_SZ HPSLPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 18:07]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 18:07]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{2CA5B97C-2E80-401D-B6D3-12ED15CD9318}.job
- c:\windows\system32\msfeedssync.exe [2011-12-16 04:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 94.31.65.69
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1218381716
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-03 11:49
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\windows\TEMP\TMP0000003AFA0921435EEDC3FE 524288 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-01-03 11:53:45
ComboFix-quarantined-files.txt 2012-01-03 10:53
.
Vor Suchlauf: 10 Verzeichnis(se), 34.193.080.320 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 34.797.125.632 Bytes frei
.
- - End Of File - - 6EC96E7D81450F41335B7E838A59A41B
|
|
03.01.2012, 19:54
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Dateien nur noch als Verknüpfung auf externer FP Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.01.2012, 21:52
| #14 |
| | Dateien nur noch als Verknüpfung auf externer FP OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:51:06 on 03.01.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\ddbaccpl.cpl "ddbacctm.cpl" - "DataDesign AG" - C:\Windows\system32\ddbacctm.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl "styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl "trueprint.cpl" - "AuthenTec, Inc." - C:\Windows\system32\trueprint.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Dennis\AppData\Local\Temp\catchme.sys (File not found) "File Security Driver" (IKFileSec) - "PCTools Research Pty Ltd." - C:\Windows\system32\drivers\ikfilesec.sys "Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "System Filter Driver" (IKSysFlt) - "PCTools Research Pty Ltd." - C:\Windows\System32\drivers\iksysflt.sys "System Security Driver" (IKSysSec) - "PCTools Research Pty Ltd." - C:\Windows\System32\drivers\iksyssec.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {ADC46291-D8A1-4486-A24C-86FFB392AEFA} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll {5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll {AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {27887764-0D0A-4C3C-B0C6-91A332FFF6A7} "DWFVShellExt Class" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\DWF Common\DWF_VShell.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - ? - (File not found | COM-object registry key not found) {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? - (File not found | COM-object registry key not found) {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? - (File not found | COM-object registry key not found) {CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "TIShelEx Shell Extension" - ? - (File not found | COM-object registry key not found) {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) {ABE00001-0123-ABED-1248-0248ADFA1909} "Zoom Player ShellExt" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? - (File not found | COM-object registry key not found) -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Program Files\DivX\DivX Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx / hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1225031161 {BA162249-F2C5-4851-8ADC-FC58CB424243} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1218381716 {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MineSweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab {4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab {5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}" - ? - (File not found | COM-object registry key not found) / hxxp://game13.zylom.com/activex/zylomgamesplayer.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EPSON V3 2KMonitor64" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_SL2064.DLL "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "AST Service" (astcc) - "Nalpeiron Ltd." - C:\Windows\system32\AstSrv.exe "Autodesk Data Management Job Dispatch" (Autodesk Data Management Job Dispatch) - "Autodesk" - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe "Autodesk Licensing Service" (Autodesk Licensing Service) - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe "GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "MDESIGN License Manager" (MDESIGN License Manager) - "Macrovision Corporation" - D:\MDESIGN\MDESIGN\lmgrd.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PC Tools Auxiliary Service" (sdAuxService) - ? - C:\Program Files\Spyware Doctor\pctsAuxs.exe (File not found) "PC Tools Security Service" (sdCoreService) - ? - C:\Program Files\Spyware Doctor\pctsSvc.exe (File not found) "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe "Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe "SQL Server (AUTODESKVAULT)" (MSSQL$AUTODESKVAULT) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] |
|
03.01.2012, 22:25
| #15 |
| | Dateien nur noch als Verknüpfung auf externer FPCode:
ATTFilter aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2012-01-03 21:55:25
-----------------------------
21:55:25.149 OS Version: Windows 6.0.6002 Service Pack 2
21:55:25.150 Number of processors: 2 586 0xF0D
21:55:25.156 ComputerName: DENNIS-PC UserName: Dennis
21:55:26.023 Initialize success
21:56:06.313 AVAST engine defs: 12010300
21:56:38.379 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:56:38.383 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
21:56:38.395 Disk 0 MBR read successfully
21:56:38.400 Disk 0 MBR scan
21:56:38.410 Disk 0 Windows VISTA default MBR code
21:56:38.415 Disk 0 Partition - 00 0F Extended LBA 27093 MB offset 257088195
21:56:38.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 125531 MB offset 63
21:56:38.454 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 27093 MB offset 257088258
21:56:38.469 Disk 0 scanning sectors +312576705
21:56:38.553 Disk 0 scanning C:\Windows\system32\drivers
21:56:56.969 Service scanning
21:56:58.762 Modules scanning
21:57:06.458 Disk 0 trace - called modules:
21:57:06.487 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:57:06.496 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864b5668]
21:57:06.505 3 CLASSPNP.SYS[887bc8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8560f030]
21:57:07.541 AVAST engine scan C:\Windows
21:57:19.437 AVAST engine scan C:\Windows\system32
22:01:55.536 AVAST engine scan C:\Windows\system32\drivers
22:02:13.560 AVAST engine scan C:\Users\Dennis
22:16:06.171 AVAST engine scan C:\ProgramData
22:19:48.846 Scan finished successfully
22:24:35.903 Disk 0 MBR has been saved successfully to "C:\Users\Dennis\Documents\MBR.dat"
22:24:35.919 The log file has been saved successfully to "C:\Users\Dennis\Documents\aswMBR.txt"
|
|
| Themen zu Dateien nur noch als Verknüpfung auf externer FP |
| anleitung, dateien, downloader, erstellen, escan, externer, files, found, gepostet, installer, log-file, onlinescan, probleme, sache, schonmal, service, sound, stelle, system, toolbar, verknüpfung, version, volume, worm |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
