| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.12.2011, 21:31
| #1 |
 |  Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Ich war auf einer Internetseite (keine dubiose auch wenn ihr es mir nicht glaubt :-) ) Da sprang Antivir an und hat folgendes gefunden: ------- Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Users\Daniel\AppData\Local\Temp\D4C8.tmp' Der zu durchsuchende Pfad C:\Users\Daniel\AppData\Local\Temp\D4C8.tmp konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Users\Daniel\AppData\Local\dplayx.dll' C:\Users\Daniel\AppData\Local\dplayx.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen Beginne mit der Desinfektion: C:\Users\Daniel\AppData\Local\dplayx.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b843360.qua' verschoben! -------- Danach hab ich eine Systemprüfung gemacht und er meinte folgendes: Komisch ist, dass er meint er hätte 7 Viren gefunden, in die Quarantäne hat er aber nur 2 verschoben Wäre toll, wenn ihr mir helfen könntet, Avira AntiVir Professional Erstellungsdatum der Reportdatei: Donnerstag, 29. Dezember 2011 17:57 Es wird nach 2993358 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : xxxxxxxxxxxxxxxxxxx Seriennummer : xxxxxxxxxxxx Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Daniel Computername : DANIEL-LAPTOP Versionsinformationen: BUILD.DAT : 10.2.0.1060 41553 Bytes 28.09.2011 12:58:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 17.10.2011 19:00:09 AVSCAN.DLL : 10.0.5.0 57192 Bytes 07.07.2011 09:08:21 LUKE.DLL : 10.3.0.5 45416 Bytes 07.07.2011 09:08:21 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 12:22:40 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 07.07.2011 09:08:22 AVREG.DLL : 10.3.0.9 88833 Bytes 13.07.2011 07:42:08 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 10:49:21 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 05:52:59 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 07:19:03 VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 07:19:03 VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 07:19:03 VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 07:19:03 VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 07:19:03 VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 07:19:03 VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 07:19:03 VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 07:19:03 VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 07:19:03 VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 07:19:03 VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 07:19:03 VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 15:56:49 VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 15:56:49 VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 15:56:49 VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 15:54:55 VBASE017.VDF : 7.11.20.71 2048 Bytes 29.12.2011 15:54:55 VBASE018.VDF : 7.11.20.72 2048 Bytes 29.12.2011 15:54:55 VBASE019.VDF : 7.11.20.73 2048 Bytes 29.12.2011 15:54:55 VBASE020.VDF : 7.11.20.74 2048 Bytes 29.12.2011 15:54:55 VBASE021.VDF : 7.11.20.75 2048 Bytes 29.12.2011 15:54:55 VBASE022.VDF : 7.11.20.76 2048 Bytes 29.12.2011 15:54:55 VBASE023.VDF : 7.11.20.77 2048 Bytes 29.12.2011 15:54:55 VBASE024.VDF : 7.11.20.78 2048 Bytes 29.12.2011 15:54:55 VBASE025.VDF : 7.11.20.79 2048 Bytes 29.12.2011 15:54:55 VBASE026.VDF : 7.11.20.80 2048 Bytes 29.12.2011 15:54:55 VBASE027.VDF : 7.11.20.81 2048 Bytes 29.12.2011 15:54:55 VBASE028.VDF : 7.11.20.82 2048 Bytes 29.12.2011 15:54:55 VBASE029.VDF : 7.11.20.83 2048 Bytes 29.12.2011 15:54:55 VBASE030.VDF : 7.11.20.84 2048 Bytes 29.12.2011 15:54:55 VBASE031.VDF : 7.11.20.88 25088 Bytes 29.12.2011 15:54:55 Engineversion : 8.2.8.14 AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 19:48:53 AESCRIPT.DLL : 8.1.3.95 479612 Bytes 28.12.2011 15:56:51 AESCN.DLL : 8.1.7.2 127349 Bytes 21.04.2011 05:52:28 AESBX.DLL : 8.2.4.5 434549 Bytes 01.12.2011 16:39:33 AERDL.DLL : 8.1.9.15 639348 Bytes 09.09.2011 05:52:30 AEPACK.DLL : 8.2.15.1 770423 Bytes 14.12.2011 07:41:40 AEOFFICE.DLL : 8.1.2.24 201084 Bytes 16.12.2011 07:32:20 AEHEUR.DLL : 8.1.3.12 4268407 Bytes 28.12.2011 15:56:51 AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 19:48:50 AEGEN.DLL : 8.1.5.17 405877 Bytes 09.12.2011 07:58:55 AEEMU.DLL : 8.1.3.0 393589 Bytes 21.04.2011 05:52:17 AECORE.DLL : 8.1.24.3 201079 Bytes 28.12.2011 15:56:50 AEBB.DLL : 8.1.1.0 53618 Bytes 21.04.2011 05:52:16 AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 05:52:39 AVPREF.DLL : 10.0.3.2 44904 Bytes 07.07.2011 09:08:21 AVREP.DLL : 10.0.0.10 174120 Bytes 07.07.2011 09:08:22 AVARKT.DLL : 10.0.26.1 255336 Bytes 07.07.2011 09:08:21 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 07.07.2011 09:08:21 SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.10.2011 19:00:32 AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.04.2011 05:52:38 NETNT.DLL : 10.0.0.0 11624 Bytes 21.04.2011 05:52:50 RCIMAGE.DLL : 10.0.0.33 2858344 Bytes 17.10.2011 18:59:22 RCTEXT.DLL : 10.0.63.0 98664 Bytes 17.10.2011 18:59:23 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Festplatten Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldiscs.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Donnerstag, 29. Dezember 2011 17:57 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmplayer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avmailc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '206' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\69d6f811-15ab003b [0] Archivtyp: ZIP --> data/MyApplet.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.LB --> data/MyLoader.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.AD --> data/MyPayload.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.AE C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7b73873b-6f25f2a3 [0] Archivtyp: ZIP --> apps/MyApplet.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.AG --> apps/MyWorker.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.AF Beginne mit der Desinfektion: C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7b73873b-6f25f2a3 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.AG [HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! [HINWEIS] Die Datei existiert nicht! C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\69d6f811-15ab003b [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.LB [HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! [HINWEIS] Die Datei existiert nicht! Ende des Suchlaufs: Donnerstag, 29. Dezember 2011 20:46 Benötigte Zeit: 2:46:51 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 36264 Verzeichnisse wurden überprüft 777034 Dateien wurden geprüft 7 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 777027 Dateien ohne Befall 8071 Archive wurden durchsucht 0 Warnungen 2 Hinweise Hier der Malwarelog: Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2011.12.29.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Daniel :: DANIEL-LAPTOP [Administrator] 29.12.2011 18:35:09 mbam-log-2011-12-29 (18-35-09).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 409471 Laufzeit: 2 Stunde(n), 12 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Local\dplaysvr.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Daniel\AppData\Local\dplaysvr.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) OTL-LOGOTL Logfile: Code:
ATTFilter OTL logfile created on: 29.12.2011 21:45:44 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Daniel\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,71% Memory free 7,93 Gb Paging File | 5,97 Gb Available in Paging File | 75,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,17 Gb Total Space | 379,97 Gb Free Space | 63,74% Space Free | Partition Type: NTFS Computer Name: DANIEL-LAPTOP | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.29 21:40:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Downloads\OTL.exe PRC - [2011.12.29 14:40:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.10.17 20:00:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.17 20:00:12 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2011.10.17 20:00:07 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.10.17 20:00:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.17 20:00:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe ========== Modules (No Company Name) ========== MOD - [2011.12.29 14:40:19 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.11.24 17:31:12 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.05.25 04:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.29 17:52:00 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.17 20:00:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.17 20:00:12 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.10.17 20:00:07 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.10.17 20:00:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.10.17 20:00:48 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.17 20:00:46 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.25 05:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.05.25 05:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.05.25 03:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.30 19:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.19 11:28:55 | 008,080,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2010.12.02 11:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2010.12.02 11:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010.12.02 11:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2010.12.02 11:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2010.02.16 12:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.12.18 16:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV:64bit: - [2006.11.18 12:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2006.11.17 16:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV - [2010.12.18 12:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2010.03.13 11:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/10/21 09:46:55] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.05.25 08:39:14 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Daniel\Utilities\rmclock\RTCore64.sys -- (RTCore64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC BD A6 4C 5D 95 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Ant.com" FF - prefs.js..browser.search.selectedEngine: "eBay" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.12.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 14:40:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.05 15:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2011.12.29 14:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\nuz53mo2.default\extensions [2011.12.29 14:42:27 | 000,001,177 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nuz53mo2.default\searchplugins\geizhalsat-deutschland.xml [2011.12.29 14:42:28 | 000,002,508 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nuz53mo2.default\searchplugins\grooveshark-audio-auto-search.xml [2011.12.01 14:34:08 | 000,001,925 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nuz53mo2.default\searchplugins\youtube-deutschland.xml [2011.11.10 09:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NUZ53MO2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.12.29 14:40:19 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Adblock Plus f\u00FCr Google Chrome\u2122 (Beta) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\ CHR - Extension: Stoppuhr / Timer = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.4_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A1EEAD6-CB7A-49DD-8537-02ED66FB3EE5}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D6C82E-57BC-4E37-BD4D-5C06316B043F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.29 18:33:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2011.12.29 18:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.29 18:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.29 18:33:28 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.29 18:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.16 10:06:04 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Canneverbe Limited [2011.12.16 10:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2011.12.16 10:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2011.12.15 03:03:09 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.15 03:03:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.15 03:03:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.15 03:03:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.15 03:03:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.15 03:03:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.15 03:03:06 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.12.15 03:03:06 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.12.15 03:03:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.12.15 03:03:05 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.12.15 03:03:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.12.15 03:01:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.12.14 08:53:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.14 08:53:31 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.14 08:53:30 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.13 19:53:51 | 000,258,560 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM93.DLL [2011.12.11 10:40:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Music [2011.12.11 10:40:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\fm.bandit.desktop [2011.12.11 10:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bandit.fm download manager [2011.12.11 10:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2011.12.11 09:45:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.jenny [2011.12.09 13:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons [2011.12.09 13:50:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\1&1 Mail & Media GmbH [2011.12.07 01:26:40 | 004,448,256 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr [2011.11.30 15:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Xara ========== Files - Modified Within 30 Days ========== [2011.12.29 21:41:20 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.29 21:41:20 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.29 21:40:22 | 000,000,000 | ---- | M] () -- C:\Users\Daniel\defogger_reenable [2011.12.29 21:33:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.29 21:33:41 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys [2011.12.29 21:30:16 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772254191-2409900527-3987732256-1001UA.job [2011.12.29 11:30:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772254191-2409900527-3987732256-1001Core.job [2011.12.28 18:49:36 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.28 18:49:36 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.28 18:49:36 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.28 18:49:36 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.28 18:49:36 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.22 14:16:41 | 000,000,024 | ---- | M] () -- C:\Users\Daniel\.gdocs.dat [2011.12.22 11:42:22 | 302,166,016 | ---- | M] () -- C:\Users\Daniel\Desktop\Sonja.mpg [2011.12.16 08:33:31 | 000,002,411 | ---- | M] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk [2011.12.15 03:26:31 | 000,524,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.12 12:41:57 | 000,020,091 | ---- | M] () -- C:\Users\Daniel\.recently-used.xbel [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.09 10:25:16 | 000,001,910 | ---- | M] () -- C:\Users\Daniel\Desktop\Öffentliche Dokumente.lnk [2011.12.07 01:26:40 | 004,448,256 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr [2011.12.03 15:09:07 | 527,627,532 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2011.12.29 21:40:22 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\defogger_reenable [2011.12.22 11:20:32 | 302,166,016 | ---- | C] () -- C:\Users\Daniel\Desktop\Sonja.mpg [2011.12.16 10:04:57 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2011.12.12 12:41:57 | 000,020,091 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel [2011.12.11 10:40:22 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bandit.fm download manager.lnk [2011.09.14 14:50:21 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.09.12 13:24:24 | 000,004,608 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.18 12:04:17 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2011.07.05 18:06:07 | 000,007,637 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg [2011.07.05 14:54:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.04.27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll ========== LOP Check ========== [2011.12.09 13:50:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\1&1 Mail & Media GmbH [2011.09.16 19:26:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Amazon [2011.12.10 15:46:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BOM [2011.12.16 10:06:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canneverbe Limited [2011.09.16 13:51:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CMInfo [2011.10.05 08:40:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ComSquare [2011.09.30 08:11:22 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Digiarty [2011.07.13 09:16:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\EAC [2011.12.11 10:40:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\fm.bandit.desktop [2011.12.03 09:14:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0 [2011.09.07 15:08:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\inkscape [2011.07.07 09:19:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\IrfanView [2011.11.30 15:50:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MAGIX [2011.07.06 07:58:57 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org [2011.07.18 12:04:22 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Red Alert 3 [2011.11.26 09:52:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Swiss Academic Software [2011.07.07 10:37:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thinstall [2011.07.06 08:49:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\uTorrent [2009.07.14 06:08:49 | 000,014,994 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Geändert von deegee85 (29.12.2011 um 21:52 Uhr) |
|
29.12.2011, 22:03
| #2 |
| | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Und hier noch der Custom-LOG von OTR
__________________PRC - [2011.12.29 21:40:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Downloads\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.10.17 20:00:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.17 20:00:12 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2011.10.17 20:00:07 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.10.17 20:00:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.17 20:00:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SRV:64bit: - [2011.05.25 04:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.29 17:52:00 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.17 20:00:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.17 20:00:12 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.10.17 20:00:07 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.10.17 20:00:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.10.17 20:00:48 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.17 20:00:46 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.25 05:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.05.25 05:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.05.25 03:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.30 19:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.19 11:28:55 | 008,080,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2010.12.02 11:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2010.12.02 11:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010.12.02 11:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2010.12.02 11:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2010.02.16 12:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.12.18 16:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV:64bit: - [2006.11.18 12:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2006.11.17 16:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV - [2010.12.18 12:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2010.03.13 11:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/10/21 09:46:55] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.05.25 08:39:14 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Daniel\Utilities\rmclock\RTCore64.sys -- (RTCore64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC BD A6 4C 5D 95 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Ant.com" FF - prefs.js..browser.search.selectedEngine: "eBay" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.12.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 14:40:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.05 15:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2011.12.29 14:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\nuz53mo2.default\extensions [2011.12.29 14:42:27 | 000,001,177 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nuz53mo2.default\searchplugins\geizhalsat-deutschland.xml [2011.12.29 14:42:28 | 000,002,508 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nuz53mo2.default\searchplugins\grooveshark-audio-auto-search.xml [2011.12.01 14:34:08 | 000,001,925 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nuz53mo2.default\searchplugins\youtube-deutschland.xml [2011.11.10 09:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NUZ53MO2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Adblock Plus f\u00FCr Google Chrome\u2122 (Beta) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\ CHR - Extension: Stoppuhr / Timer = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.4_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A1EEAD6-CB7A-49DD-8537-02ED66FB3EE5}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D6C82E-57BC-4E37-BD4D-5C06316B043F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Daniel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig:64bit - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: TrayServer - hkey= - key= - C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe (MAGIX AG) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.29 18:33:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2011.12.29 18:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.29 18:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.29 18:33:28 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.29 18:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.16 10:06:04 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Canneverbe Limited [2011.12.16 10:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2011.12.16 10:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2011.12.15 03:01:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.12.11 10:40:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Music [2011.12.11 10:40:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\fm.bandit.desktop [2011.12.11 10:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bandit.fm download manager [2011.12.11 10:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2011.12.11 09:45:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.jenny [2011.12.09 13:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons [2011.12.09 13:50:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\1&1 Mail & Media GmbH [2011.11.30 15:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Xara ========== Files - Modified Within 30 Days ========== [2011.12.29 21:41:20 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.29 21:41:20 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.29 21:40:22 | 000,000,000 | ---- | M] () -- C:\Users\Daniel\defogger_reenable [2011.12.29 21:33:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.29 21:33:41 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys [2011.12.29 21:30:16 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772254191-2409900527-3987732256-1001UA.job [2011.12.29 11:30:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772254191-2409900527-3987732256-1001Core.job [2011.12.28 18:49:36 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.28 18:49:36 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.28 18:49:36 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.28 18:49:36 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.28 18:49:36 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.22 14:16:41 | 000,000,024 | ---- | M] () -- C:\Users\Daniel\.gdocs.dat [2011.12.22 11:42:22 | 302,166,016 | ---- | M] () -- C:\Users\Daniel\Desktop\Sonja.mpg [2011.12.16 08:33:31 | 000,002,411 | ---- | M] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk [2011.12.15 03:26:31 | 000,524,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.12 12:41:57 | 000,020,091 | ---- | M] () -- C:\Users\Daniel\.recently-used.xbel [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.09 10:25:16 | 000,001,910 | ---- | M] () -- C:\Users\Daniel\Desktop\Öffentliche Dokumente.lnk [2011.12.03 15:09:07 | 527,627,532 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2011.12.29 21:40:22 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\defogger_reenable [2011.12.22 11:20:32 | 302,166,016 | ---- | C] () -- C:\Users\Daniel\Desktop\Sonja.mpg [2011.12.16 10:04:57 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2011.12.12 12:41:57 | 000,020,091 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel [2011.12.11 10:40:22 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bandit.fm download manager.lnk [2011.09.14 14:50:21 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.09.12 13:24:24 | 000,004,608 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.18 12:04:17 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2011.07.05 18:06:07 | 000,007,637 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg [2011.07.05 14:54:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.04.27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll ========== LOP Check ========== [2011.12.09 13:50:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\1&1 Mail & Media GmbH [2011.09.16 19:26:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Amazon [2011.12.10 15:46:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BOM [2011.12.16 10:06:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canneverbe Limited [2011.09.16 13:51:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CMInfo [2011.10.05 08:40:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ComSquare [2011.09.30 08:11:22 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Digiarty [2011.07.13 09:16:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\EAC [2011.12.11 10:40:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\fm.bandit.desktop [2011.12.03 09:14:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0 [2011.09.07 15:08:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\inkscape [2011.07.07 09:19:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\IrfanView [2011.11.30 15:50:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MAGIX [2011.07.06 07:58:57 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org [2011.07.18 12:04:22 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Red Alert 3 [2011.11.26 09:52:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Swiss Academic Software [2011.07.07 10:37:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thinstall [2011.07.06 08:49:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\uTorrent [2009.07.14 06:08:49 | 000,014,994 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.12.12 10:28:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.07.07 11:30:50 | 000,000,000 | ---D | M] -- C:\AMD [2011.07.05 15:11:05 | 000,000,000 | ---D | M] -- C:\ATI [2011.07.05 19:53:13 | 000,000,000 | -HSD | M] -- C:\Boot [2011.12.15 03:25:57 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.07.05 15:51:48 | 000,000,000 | ---D | M] -- C:\dell [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.07.05 14:59:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.07.05 17:45:01 | 000,000,000 | ---D | M] -- C:\Intel [2011.07.05 20:18:55 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.09 13:56:02 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.29 18:33:27 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.12.29 18:33:29 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.07.05 14:59:41 | 000,000,000 | -HSD | M] -- C:\Programme [2011.07.05 14:59:41 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.12.29 21:56:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.05 14:59:52 | 000,000,000 | R--D | M] -- C:\Users [2011.12.03 15:09:07 | 000,000,000 | ---D | M] -- C:\Windows [2011.10.14 12:47:56 | 000,000,000 | -HSD | M] -- C:\~LD < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > Mist ich habe gerade bemerkt, dass ich es zielsicher ins falsche Unterforum gestellt habe. Könnte es ein Mod bitte in die Log-Untersektion verschieben? LG Daniel |
|
30.12.2011, 23:01
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
__________________Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
|
31.12.2011, 09:44
| #4 |
| | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Hi, Danke für die Antwort. Ich habe mit Malwarebytes nur im Zusammenhang mit dem Virusfund gescannt. Hier aber alle Logs die dort stehen: Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2011.12.29.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Daniel :: DANIEL-LAPTOP [Administrator] 29.12.2011 18:35:09 mbam-log-2011-12-29 (18-35-09).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 409471 Laufzeit: 2 Stunde(n), 12 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Agent) -> Daten: C:\Users\Daniel\AppData\Local\dplaysvr.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Daniel\AppData\Local\dplaysvr.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2011.12.29.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Daniel :: DANIEL-LAPTOP [Administrator] Schutz: Aktiviert 29.12.2011 21:37:12 mbam-log-2011-12-29 (21-37-12).txt Art des Suchlaufs: Flash-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P Durchsuchte Objekte: 138812 Laufzeit: 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2011.12.30.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Daniel :: DANIEL-LAPTOP [Administrator] Schutz: Deaktiviert 30.12.2011 16:25:26 mbam-log-2011-12-30 (16-25-26).txt Art des Suchlaufs: Benutzerdefinierter Suchlauf Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P Durchsuchte Objekte: 41578 Laufzeit: 21 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
31.12.2011, 15:46
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
01.01.2012, 16:52
| #6 |
| | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Danke für die Rückmeldung :-) Hier der LOG ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=2852ea4d87ce864c86cf5ba5ef1a01a1 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-01-01 12:19:22 # local_time=2012-01-01 01:19:22 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 190895 190895 0 0 # compatibility_mode=5893 16776573 100 94 157627 77049624 0 0 # compatibility_mode=8192 67108863 100 0 3742 3742 0 0 # scanned=18 # found=0 # cleaned=0 # scan_time=587 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=2852ea4d87ce864c86cf5ba5ef1a01a1 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-01-01 03:22:40 # local_time=2012-01-01 04:22:40 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 191544 191544 0 0 # compatibility_mode=5893 16776573 100 94 158276 77050273 0 0 # compatibility_mode=8192 67108863 100 0 4391 4391 0 0 # scanned=254804 # found=0 # cleaned=0 # scan_time=10936 |
|
02.01.2012, 12:29
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.01.2012, 13:43
| #8 |
| | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Hier die Log-DateiOTL Logfile: Code:
ATTFilter OTL logfile created on: 02.01.2012 13:13:04 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Daniel\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,65% Memory free 7,93 Gb Paging File | 5,65 Gb Available in Paging File | 71,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,17 Gb Total Space | 371,76 Gb Free Space | 62,36% Space Free | Partition Type: NTFS Computer Name: DANIEL-LAPTOP | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.29 21:40:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Downloads\OTL.exe PRC - [2011.12.29 14:40:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.15 15:14:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.12.15 15:14:28 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2011.12.15 15:14:26 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.12.15 15:14:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.15 15:14:25 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.09.05 18:04:56 | 001,489,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe ========== Modules (No Company Name) ========== MOD - [2011.12.29 14:40:19 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.11.24 17:31:12 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011.10.07 08:04:02 | 003,718,144 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Citavi Picker\CitaviPicker.api MOD - [2011.09.18 10:41:36 | 000,045,568 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU MOD - [2011.09.16 08:29:22 | 000,014,336 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU MOD - [2011.09.16 08:29:18 | 001,179,648 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU MOD - [2011.09.16 08:29:18 | 000,100,352 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU MOD - [2011.09.16 08:29:17 | 001,311,744 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU MOD - [2011.09.16 08:29:17 | 000,316,416 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU MOD - [2011.09.16 08:28:48 | 009,364,480 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu MOD - [2011.09.05 18:04:58 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU MOD - [2011.09.05 18:04:56 | 000,249,232 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.11.23 14:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV:64bit: - [2011.05.25 04:03:38 | 000,204,288 | ---- | M] (AMD) [Disabled | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.15 15:14:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 15:14:28 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.12.15 15:14:26 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.12.15 15:14:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.29 17:52:00 | 000,419,624 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.15 15:14:51 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.12.15 15:14:50 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.12.15 15:14:50 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.05.25 05:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.05.25 05:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.05.25 03:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.30 19:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.19 11:28:55 | 008,080,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2010.12.02 11:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2010.12.02 11:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010.12.02 11:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2010.12.02 11:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2010.02.16 12:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.12.18 16:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV:64bit: - [2006.11.18 12:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2006.11.17 16:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV - [2011.11.23 14:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2010.03.13 11:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/10/21 09:46:55] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.05.25 08:39:14 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Daniel\Utilities\rmclock\RTCore64.sys -- (RTCore64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Ant.com" FF - prefs.js..browser.search.selectedEngine: "YouTube Deutschland" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.12.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 14:40:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.30 18:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.30 18:00:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011.12.29 14:40:19 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Disabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Disabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Disabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Picasa (Disabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Adblock Plus f\u00FCr Google Chrome\u2122 (Beta) = \Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\ CHR - Extension: Stoppuhr / Timer = \Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.4_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A1EEAD6-CB7A-49DD-8537-02ED66FB3EE5}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D6C82E-57BC-4E37-BD4D-5C06316B043F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Daniel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig:64bit - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: TrayServer - hkey= - key= - C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe (MAGIX AG) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.02 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Gesprächsanalyse und Gesprächsdidaktik WS11-12 [2012.01.01 17:10:56 | 000,000,000 | R--D | C] -- C:\Sandbox [2012.01.01 17:10:56 | 000,000,000 | R--D | C] -- \Sandbox [2012.01.01 17:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie [2012.01.01 17:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie [2012.01.01 13:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.31 09:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.12.31 09:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com [2011.12.30 23:18:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.12.30 23:18:00 | 000,000,000 | -HSD | C] -- \Config.Msi [2011.12.30 18:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.12.30 18:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.12.30 18:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.12.30 17:55:19 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos [2011.12.30 17:55:19 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures [2011.12.30 17:55:19 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music [2011.12.30 17:55:19 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links [2011.12.30 17:55:19 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites [2011.12.30 17:55:19 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads [2011.12.30 17:55:19 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents [2011.12.30 17:55:19 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop [2011.12.30 17:55:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen [2011.12.30 17:55:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü [2011.12.30 17:55:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo [2011.12.30 17:55:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent [2011.12.30 17:55:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung [2011.12.30 17:55:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen [2011.12.30 17:55:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien [2011.12.30 17:55:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Druckumgebung [2011.12.30 17:55:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies [2011.12.30 17:55:19 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten [2011.12.30 17:55:19 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData [2011.12.30 17:55:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\Saved Games [2011.12.30 09:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.30 09:08:03 | 000,139,512 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2011.12.30 09:08:03 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.30 09:08:03 | 000,113,768 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2011.12.30 09:08:03 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.30 09:08:03 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.30 09:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.12.30 09:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.12.29 18:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.29 18:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.29 18:33:28 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.29 18:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.16 10:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2011.12.16 10:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2011.12.09 13:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons ========== Files - Modified Within 30 Days ========== [2012.01.02 13:12:52 | 000,002,080 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.01.02 12:30:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772254191-2409900527-3987732256-1001UA.job [2012.01.02 11:30:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1772254191-2409900527-3987732256-1001Core.job [2012.01.02 11:21:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.01 19:42:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.01 19:42:37 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.01 19:42:37 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.01 19:42:37 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.01 19:42:37 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.31 09:55:32 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2011.12.31 09:27:47 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.31 09:27:47 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.30 18:19:34 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys [2011.12.30 09:08:13 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.12.26 13:21:46 | 000,013,321 | ---- | M] () -- C:\Users\Public\Documents\Unbenannte Tabelle.ods [2011.12.18 13:51:38 | 000,060,940 | ---- | M] () -- C:\Users\Public\Documents\Kündigung Mobilcom Claudia.pdf [2011.12.15 15:14:51 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.15 15:14:50 | 000,139,512 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2011.12.15 15:14:50 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.15 15:14:50 | 000,113,768 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2011.12.15 15:14:50 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.15 03:26:31 | 000,524,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.03 15:09:07 | 527,627,532 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2012.01.02 13:23:13 | 000,280,263 | ---- | C] () -- C:\Users\Public\Documents\schmidt_micro_blogs_preprint.pdf [2012.01.02 13:23:07 | 000,060,940 | ---- | C] () -- C:\Users\Public\Documents\Kündigung Mobilcom Claudia.pdf [2012.01.02 13:23:05 | 000,013,321 | ---- | C] () -- C:\Users\Public\Documents\Unbenannte Tabelle.ods [2012.01.01 17:09:33 | 000,002,080 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.12.30 09:08:13 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.12.16 10:04:57 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2011.09.14 14:50:21 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.07.18 12:04:17 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2011.07.05 15:51:31 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2011.07.05 15:51:30 | 000,383,786 | RHS- | C] () -- \bootmgr [2011.07.05 14:54:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.07.05 14:52:09 | 3193,585,664 | -HS- | C] () -- \hiberfil.sys [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.04.27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll ========== LOP Check ========== [2009.07.14 06:08:49 | 000,016,002 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.12.30 23:17:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe [2011.12.31 09:53:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView [2011.12.11 10:40:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia [2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs [2011.12.30 18:00:46 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft [2011.12.31 09:51:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla [2011.12.31 09:51:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Swiss Academic Software < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\Temp\IIF2\Drivers\x64\iaStor.sys [2010.11.05 22:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\Temp\IIF2\Drivers\x32\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
02.01.2012, 14:19
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.01.2012, 15:23
| #10 |
| | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Hier das Ergebnis: ER hat RM Clock als mögliche Bedrohung angesehen. Es ist aber ein normales Programm. Ich habe es aber trotzdem in die Quarantäne verschoben... Code:
ATTFilter 15:13:16.0279 6020 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:13:17.0316 6020 ============================================================
15:13:17.0316 6020 Current date / time: 2012/01/02 15:13:17.0316
15:13:17.0316 6020 SystemInfo:
15:13:17.0316 6020
15:13:17.0316 6020 OS Version: 6.1.7601 ServicePack: 1.0
15:13:17.0316 6020 Product type: Workstation
15:13:17.0316 6020 ComputerName: DANIEL-LAPTOP
15:13:17.0316 6020 UserName: Admin
15:13:17.0316 6020 Windows directory: C:\Windows
15:13:17.0316 6020 System windows directory: C:\Windows
15:13:17.0317 6020 Running under WOW64
15:13:17.0317 6020 Processor architecture: Intel x64
15:13:17.0317 6020 Number of processors: 2
15:13:17.0317 6020 Page size: 0x1000
15:13:17.0317 6020 Boot type: Normal boot
15:13:17.0317 6020 ============================================================
15:13:21.0127 6020 Initialize success
15:13:51.0363 5500 ============================================================
15:13:51.0363 5500 Scan started
15:13:51.0363 5500 Mode: Manual; SigCheck; TDLFS;
15:13:51.0363 5500 ============================================================
15:14:21.0296 5500 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:14:25.0163 5500 1394ohci - ok
15:14:25.0903 5500 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:14:25.0984 5500 ACPI - ok
15:14:26.0584 5500 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:14:27.0493 5500 AcpiPmi - ok
15:14:28.0279 5500 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:14:28.0394 5500 adp94xx - ok
15:14:29.0162 5500 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:14:29.0253 5500 adpahci - ok
15:14:30.0122 5500 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:14:30.0248 5500 adpu320 - ok
15:14:30.0834 5500 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:14:31.0454 5500 AFD - ok
15:14:32.0225 5500 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:14:32.0300 5500 agp440 - ok
15:14:32.0921 5500 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:14:32.0967 5500 aliide - ok
15:14:33.0731 5500 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:14:33.0788 5500 amdide - ok
15:14:34.0513 5500 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:14:34.0753 5500 AmdK8 - ok
15:14:37.0234 5500 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
15:14:39.0344 5500 amdkmdag - ok
15:14:40.0402 5500 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
15:14:40.0492 5500 amdkmdap - ok
15:14:41.0078 5500 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:14:41.0165 5500 AmdPPM - ok
15:14:41.0399 5500 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:14:41.0484 5500 amdsata - ok
15:14:41.0590 5500 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:14:41.0674 5500 amdsbs - ok
15:14:41.0829 5500 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:14:41.0887 5500 amdxata - ok
15:14:42.0134 5500 androidusb (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\androidusb.sys
15:14:42.0312 5500 androidusb - ok
15:14:44.0151 5500 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:14:48.0543 5500 AppID - ok
15:14:49.0078 5500 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:14:49.0147 5500 arc - ok
15:14:49.0360 5500 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:14:49.0434 5500 arcsas - ok
15:14:49.0604 5500 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:14:51.0425 5500 AsyncMac - ok
15:14:51.0902 5500 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:14:52.0004 5500 atapi - ok
15:14:52.0477 5500 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
15:14:56.0137 5500 AtiHDAudioService - ok
15:14:59.0997 5500 atikmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
15:15:00.0114 5500 atikmdag - ok
15:15:02.0445 5500 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
15:15:02.0533 5500 avgntflt - ok
15:15:03.0876 5500 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
15:15:03.0942 5500 avipbb - ok
15:15:05.0567 5500 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:15:05.0617 5500 avkmgr - ok
15:15:08.0513 5500 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:15:08.0878 5500 b06bdrv - ok
15:15:09.0751 5500 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:15:09.0971 5500 b57nd60a - ok
15:15:10.0966 5500 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:15:11.0104 5500 Beep - ok
15:15:12.0691 5500 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:15:12.0884 5500 blbdrive - ok
15:15:13.0567 5500 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:15:14.0415 5500 bowser - ok
15:15:15.0089 5500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:15:17.0291 5500 BrFiltLo - ok
15:15:19.0132 5500 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:15:19.0166 5500 BrFiltUp - ok
15:15:19.0673 5500 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:15:20.0263 5500 Brserid - ok
15:15:21.0665 5500 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:15:21.0771 5500 BrSerWdm - ok
15:15:22.0652 5500 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:15:23.0206 5500 BrUsbMdm - ok
15:15:24.0486 5500 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:15:24.0586 5500 BrUsbSer - ok
15:15:25.0698 5500 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:15:25.0859 5500 BTHMODEM - ok
15:15:26.0822 5500 CbFs (d8466df7629a7acd2bed0cde206e5df9) C:\Windows\system32\drivers\cbfs.sys
15:15:26.0900 5500 CbFs - ok
15:15:28.0030 5500 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:15:28.0165 5500 cdfs - ok
15:15:29.0955 5500 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:15:30.0548 5500 cdrom - ok
15:15:32.0001 5500 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:15:32.0319 5500 circlass - ok
15:15:33.0172 5500 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:15:33.0225 5500 CLFS - ok
15:15:34.0791 5500 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:15:34.0883 5500 CmBatt - ok
15:15:35.0813 5500 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:15:35.0859 5500 cmdide - ok
15:15:36.0880 5500 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:15:37.0458 5500 CNG - ok
15:15:38.0257 5500 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:15:38.0348 5500 Compbatt - ok
15:15:39.0665 5500 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:15:40.0414 5500 CompositeBus - ok
15:15:41.0454 5500 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:15:41.0717 5500 crcdisk - ok
15:15:42.0928 5500 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:15:44.0696 5500 CSC - ok
15:15:46.0604 5500 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:15:46.0823 5500 DfsC - ok
15:15:47.0401 5500 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:15:47.0564 5500 discache - ok
15:15:48.0017 5500 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:15:48.0072 5500 Disk - ok
15:15:48.0749 5500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:15:49.0049 5500 drmkaud - ok
15:15:50.0254 5500 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:15:50.0406 5500 DXGKrnl - ok
15:15:51.0885 5500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:15:52.0895 5500 ebdrv - ok
15:15:54.0950 5500 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:15:55.0089 5500 elxstor - ok
15:15:55.0694 5500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:15:55.0921 5500 ErrDev - ok
15:15:56.0782 5500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:15:57.0174 5500 exfat - ok
15:15:58.0492 5500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:15:59.0003 5500 fastfat - ok
15:15:59.0912 5500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:16:00.0613 5500 fdc - ok
15:16:01.0172 5500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:16:02.0386 5500 FileInfo - ok
15:16:03.0310 5500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:16:03.0616 5500 Filetrace - ok
15:16:04.0053 5500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:16:04.0275 5500 flpydisk - ok
15:16:04.0647 5500 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:16:06.0492 5500 FltMgr - ok
15:16:06.0850 5500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:16:07.0231 5500 FsDepends - ok
15:16:07.0439 5500 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:16:07.0490 5500 Fs_Rec - ok
15:16:08.0378 5500 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:16:08.0511 5500 fvevol - ok
15:16:09.0542 5500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:16:09.0613 5500 gagp30kx - ok
15:16:10.0459 5500 GPU-Z - ok
15:16:11.0858 5500 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:16:12.0115 5500 hcw85cir - ok
15:16:12.0410 5500 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:16:12.0528 5500 HdAudAddService - ok
15:16:13.0375 5500 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:16:13.0781 5500 HDAudBus - ok
15:16:14.0219 5500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:16:14.0274 5500 HidBatt - ok
15:16:15.0406 5500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:16:16.0073 5500 HidBth - ok
15:16:17.0440 5500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:16:18.0186 5500 HidIr - ok
15:16:20.0487 5500 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:16:21.0155 5500 HidUsb - ok
15:16:22.0958 5500 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:16:23.0011 5500 HpSAMD - ok
15:16:24.0041 5500 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:16:24.0557 5500 HTTP - ok
15:16:25.0861 5500 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:16:25.0927 5500 hwpolicy - ok
15:16:27.0199 5500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:16:27.0262 5500 i8042prt - ok
15:16:29.0204 5500 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
15:16:29.0232 5500 iaStor - ok
15:16:30.0196 5500 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:16:30.0314 5500 iaStorV - ok
15:16:31.0637 5500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:16:31.0676 5500 iirsp - ok
15:16:32.0428 5500 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:16:32.0452 5500 intelide - ok
15:16:33.0485 5500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:16:33.0638 5500 intelppm - ok
15:16:34.0571 5500 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:16:34.0672 5500 IpFilterDriver - ok
15:16:35.0526 5500 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:16:35.0650 5500 IPMIDRV - ok
15:16:36.0540 5500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:16:36.0629 5500 IPNAT - ok
15:16:37.0357 5500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:16:37.0810 5500 IRENUM - ok
15:16:38.0631 5500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:16:38.0681 5500 isapnp - ok
15:16:39.0121 5500 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:16:39.0276 5500 iScsiPrt - ok
15:16:39.0507 5500 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
15:16:39.0599 5500 itecir - ok
15:16:40.0737 5500 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:16:41.0143 5500 k57nd60a - ok
15:16:41.0966 5500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:16:42.0177 5500 kbdclass - ok
15:16:42.0459 5500 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:16:42.0532 5500 kbdhid - ok
15:16:42.0868 5500 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:16:42.0917 5500 KSecDD - ok
15:16:43.0209 5500 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:16:43.0282 5500 KSecPkg - ok
15:16:43.0511 5500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:16:43.0583 5500 ksthunk - ok
15:16:44.0341 5500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:16:44.0556 5500 lltdio - ok
15:16:45.0309 5500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:16:45.0345 5500 LSI_FC - ok
15:16:45.0926 5500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:16:45.0991 5500 LSI_SAS - ok
15:16:46.0226 5500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:16:46.0281 5500 LSI_SAS2 - ok
15:16:47.0306 5500 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:16:47.0362 5500 LSI_SCSI - ok
15:16:48.0360 5500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:16:48.0716 5500 luafv - ok
15:16:50.0232 5500 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
15:16:50.0267 5500 MBAMProtector - ok
15:16:51.0232 5500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:16:51.0296 5500 megasas - ok
15:16:52.0567 5500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:16:52.0718 5500 MegaSR - ok
15:16:53.0607 5500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:16:53.0698 5500 Modem - ok
15:16:54.0707 5500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:16:54.0965 5500 monitor - ok
15:16:56.0194 5500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:16:56.0243 5500 mouclass - ok
15:16:56.0908 5500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:16:57.0215 5500 mouhid - ok
15:16:58.0079 5500 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:16:58.0150 5500 mountmgr - ok
15:16:59.0774 5500 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:16:59.0825 5500 mpio - ok
15:17:00.0606 5500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:17:00.0929 5500 mpsdrv - ok
15:17:02.0098 5500 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:17:04.0025 5500 MRxDAV - ok
15:17:05.0544 5500 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:17:06.0460 5500 mrxsmb - ok
15:17:07.0859 5500 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:17:08.0330 5500 mrxsmb10 - ok
15:17:09.0114 5500 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:17:09.0636 5500 mrxsmb20 - ok
15:17:10.0584 5500 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:17:10.0633 5500 msahci - ok
15:17:11.0244 5500 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:17:11.0333 5500 msdsm - ok
15:17:12.0133 5500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:17:12.0222 5500 Msfs - ok
15:17:12.0514 5500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:17:12.0646 5500 mshidkmdf - ok
15:17:12.0794 5500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:17:12.0845 5500 msisadrv - ok
15:17:12.0956 5500 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:17:13.0138 5500 MSKSSRV - ok
15:17:13.0246 5500 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:17:13.0310 5500 MSPCLOCK - ok
15:17:13.0409 5500 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:17:13.0817 5500 MSPQM - ok
15:17:14.0024 5500 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:17:14.0144 5500 MsRPC - ok
15:17:14.0234 5500 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:17:14.0329 5500 mssmbios - ok
15:17:14.0749 5500 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:17:14.0861 5500 MSTEE - ok
15:17:14.0915 5500 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:17:14.0959 5500 MTConfig - ok
15:17:15.0466 5500 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:17:15.0507 5500 Mup - ok
15:17:15.0749 5500 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:17:15.0881 5500 NativeWifiP - ok
15:17:16.0371 5500 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:17:16.0412 5500 NDIS - ok
15:17:16.0505 5500 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:17:16.0600 5500 NdisCap - ok
15:17:16.0740 5500 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:17:16.0831 5500 NdisTapi - ok
15:17:16.0931 5500 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:17:17.0033 5500 Ndisuio - ok
15:17:17.0148 5500 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:17:17.0255 5500 NdisWan - ok
15:17:17.0379 5500 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:17:17.0442 5500 NDProxy - ok
15:17:17.0717 5500 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:17:17.0839 5500 NetBIOS - ok
15:17:17.0924 5500 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:17:18.0076 5500 NetBT - ok
15:17:19.0613 5500 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:17:19.0996 5500 netw5v64 - ok
15:17:21.0804 5500 NETwNs64 (9ec1edebba8cf6a30899ee38ab1352cc) C:\Windows\system32\DRIVERS\NETwNs64.sys
15:17:22.0717 5500 NETwNs64 - ok
15:17:23.0936 5500 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:17:24.0002 5500 nfrd960 - ok
15:17:26.0497 5500 nmwcd (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys
15:17:27.0138 5500 nmwcd - ok
15:17:28.0587 5500 nmwcdc (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\Windows\system32\drivers\ccdcmbox64.sys
15:17:28.0666 5500 nmwcdc - ok
15:17:29.0036 5500 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:17:29.0156 5500 Npfs - ok
15:17:29.0409 5500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:17:29.0726 5500 nsiproxy - ok
15:17:31.0894 5500 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:17:33.0057 5500 Ntfs - ok
15:17:33.0888 5500 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:17:33.0989 5500 Null - ok
15:17:34.0349 5500 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:17:34.0384 5500 nvraid - ok
15:17:35.0639 5500 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:17:35.0684 5500 nvstor - ok
15:17:36.0968 5500 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:17:37.0057 5500 nv_agp - ok
15:17:37.0621 5500 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:17:37.0718 5500 ohci1394 - ok
15:17:37.0929 5500 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:17:38.0019 5500 Parport - ok
15:17:38.0397 5500 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:17:38.0440 5500 partmgr - ok
15:17:38.0685 5500 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:17:38.0762 5500 pci - ok
15:17:39.0501 5500 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:17:39.0529 5500 pciide - ok
15:17:41.0140 5500 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:17:41.0303 5500 pcmcia - ok
15:17:41.0732 5500 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:17:41.0771 5500 pcw - ok
15:17:41.0923 5500 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:17:42.0189 5500 PEAUTH - ok
15:17:42.0595 5500 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:17:42.0707 5500 PptpMiniport - ok
15:17:43.0070 5500 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:17:43.0199 5500 Processor - ok
15:17:45.0162 5500 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:17:45.0425 5500 Psched - ok
15:17:46.0356 5500 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:17:46.0737 5500 ql2300 - ok
15:17:47.0260 5500 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:17:47.0378 5500 ql40xx - ok
15:17:47.0662 5500 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:17:47.0821 5500 QWAVEdrv - ok
15:17:48.0111 5500 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:17:48.0260 5500 RasAcd - ok
15:17:48.0676 5500 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:17:48.0748 5500 RasAgileVpn - ok
15:17:48.0855 5500 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:17:48.0948 5500 Rasl2tp - ok
15:17:49.0330 5500 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:17:49.0512 5500 RasPppoe - ok
15:17:49.0761 5500 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:17:49.0880 5500 RasSstp - ok
15:17:50.0010 5500 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:17:50.0127 5500 rdbss - ok
15:17:50.0296 5500 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:17:50.0345 5500 rdpbus - ok
15:17:50.0364 5500 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:17:50.0430 5500 RDPCDD - ok
15:17:50.0725 5500 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:17:51.0235 5500 RDPDR - ok
15:17:51.0850 5500 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:17:51.0972 5500 RDPENCDD - ok
15:17:53.0300 5500 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:17:53.0374 5500 RDPREFMP - ok
15:17:53.0624 5500 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:17:53.0804 5500 RDPWD - ok
15:17:54.0040 5500 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:17:54.0171 5500 rdyboost - ok
15:17:55.0071 5500 rimmptsk (9c23519fc1fd331aaaedc145ab947293) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:17:55.0408 5500 rimmptsk - ok
15:17:55.0846 5500 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
15:17:55.0960 5500 rimsptsk - ok
15:17:56.0185 5500 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:17:56.0444 5500 rismxdp - ok
15:17:57.0729 5500 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:17:57.0806 5500 rspndr - ok
15:17:58.0462 5500 RTCore64 (592065b29131af32aa18a9e546be9617) C:\Users\Daniel\Utilities\rmclock\RTCore64.sys
15:17:58.0779 5500 RTCore64 ( UnsignedFile.Multi.Generic ) - warning
15:17:58.0779 5500 RTCore64 - detected UnsignedFile.Multi.Generic (1)
15:17:59.0467 5500 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:18:01.0534 5500 s3cap - ok
15:18:03.0736 5500 SbieDrv (1fc5d553f8ec9779702fb8264863e3a2) C:\Program Files\Sandboxie\SbieDrv.sys
15:18:03.0796 5500 SbieDrv - ok
15:18:05.0354 5500 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:18:05.0482 5500 sbp2port - ok
15:18:05.0677 5500 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:18:05.0858 5500 scfilter - ok
15:18:06.0082 5500 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:18:06.0170 5500 sdbus - ok
15:18:07.0182 5500 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:18:07.0490 5500 secdrv - ok
15:18:07.0968 5500 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:18:08.0066 5500 Serenum - ok
15:18:08.0244 5500 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:18:08.0293 5500 Serial - ok
15:18:08.0885 5500 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:18:09.0336 5500 sermouse - ok
15:18:10.0312 5500 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:18:10.0438 5500 sffdisk - ok
15:18:11.0421 5500 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:18:11.0651 5500 sffp_mmc - ok
15:18:12.0282 5500 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:18:12.0682 5500 sffp_sd - ok
15:18:13.0747 5500 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:18:13.0847 5500 sfloppy - ok
15:18:14.0613 5500 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:18:14.0667 5500 SiSRaid2 - ok
15:18:15.0120 5500 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:18:15.0165 5500 SiSRaid4 - ok
15:18:15.0928 5500 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:18:16.0331 5500 Smb - ok
15:18:16.0930 5500 speedfan - ok
15:18:18.0117 5500 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:18:18.0161 5500 spldr - ok
15:18:19.0507 5500 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:18:19.0671 5500 srv - ok
15:18:19.0933 5500 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:18:20.0129 5500 srv2 - ok
15:18:20.0286 5500 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:18:21.0455 5500 srvnet - ok
15:18:22.0907 5500 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:18:22.0969 5500 stexstor - ok
15:18:23.0692 5500 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:18:23.0735 5500 storflt - ok
15:18:25.0980 5500 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:18:26.0133 5500 storvsc - ok
15:18:30.0333 5500 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:18:30.0540 5500 swenum - ok
15:18:35.0112 5500 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:18:41.0879 5500 Tcpip - ok
15:18:45.0688 5500 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:18:45.0729 5500 TCPIP6 - ok
15:18:51.0459 5500 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:18:51.0626 5500 tcpipreg - ok
15:18:56.0016 5500 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:18:57.0603 5500 TDPIPE - ok
15:19:01.0057 5500 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:19:01.0420 5500 TDTCP - ok
15:19:05.0501 5500 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:19:06.0042 5500 tdx - ok
15:19:10.0838 5500 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:19:11.0317 5500 TermDD - ok
15:19:16.0172 5500 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:19:17.0149 5500 tssecsrv - ok
15:19:19.0802 5500 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:19:21.0538 5500 TsUsbFlt - ok
15:19:27.0262 5500 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:19:27.0986 5500 tunnel - ok
15:19:30.0188 5500 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:19:30.0231 5500 uagp35 - ok
15:19:34.0359 5500 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:19:35.0712 5500 udfs - ok
15:19:41.0919 5500 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:19:42.0014 5500 uliagpkx - ok
15:19:44.0109 5500 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:19:45.0040 5500 umbus - ok
15:19:48.0505 5500 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:19:50.0986 5500 UmPass - ok
15:19:53.0163 5500 upperdev (7168819f30fe9622284ea19bde7f8ab4) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
15:19:53.0931 5500 upperdev - ok
15:19:58.0676 5500 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:19:59.0129 5500 usbccgp - ok
15:20:01.0089 5500 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:20:02.0177 5500 usbcir - ok
15:20:03.0391 5500 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:20:03.0714 5500 usbehci - ok
15:20:05.0380 5500 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:20:05.0843 5500 usbhub - ok
15:20:07.0167 5500 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:20:07.0540 5500 usbohci - ok
15:20:08.0534 5500 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:20:08.0642 5500 usbprint - ok
15:20:09.0694 5500 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
15:20:10.0089 5500 usbser - ok
15:20:10.0294 5500 UsbserFilt (66c25cb20b2974e0c0cfdab49fb72a02) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
15:20:10.0472 5500 UsbserFilt - ok
15:20:10.0862 5500 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:20:12.0665 5500 USBSTOR - ok
15:20:14.0903 5500 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:20:15.0006 5500 usbuhci - ok
15:20:17.0852 5500 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:20:18.0641 5500 usbvideo - ok
15:20:19.0403 5500 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:20:19.0434 5500 vdrvroot - ok
15:20:21.0279 5500 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:20:21.0371 5500 vga - ok
15:20:22.0647 5500 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:20:22.0774 5500 VgaSave - ok
15:20:23.0849 5500 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:20:24.0014 5500 vhdmp - ok
15:20:24.0649 5500 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:20:24.0668 5500 viaide - ok
15:20:25.0539 5500 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:20:25.0708 5500 vmbus - ok
15:20:26.0074 5500 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:20:26.0152 5500 VMBusHID - ok
15:20:26.0589 5500 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:20:26.0648 5500 volmgr - ok
15:20:28.0223 5500 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:20:28.0361 5500 volmgrx - ok
15:20:30.0097 5500 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:20:30.0204 5500 volsnap - ok
15:20:30.0973 5500 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:20:31.0017 5500 vsmraid - ok
15:20:31.0230 5500 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:20:31.0318 5500 vwifibus - ok
15:20:31.0962 5500 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:20:32.0330 5500 vwififlt - ok
15:20:34.0006 5500 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:20:34.0081 5500 vwifimp - ok
15:20:35.0865 5500 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:20:36.0415 5500 WacomPen - ok
15:20:38.0106 5500 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:20:38.0191 5500 WANARP - ok
15:20:38.0218 5500 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:20:38.0253 5500 Wanarpv6 - ok
15:20:39.0532 5500 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:20:39.0574 5500 Wd - ok
15:20:41.0031 5500 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:20:41.0144 5500 Wdf01000 - ok
15:20:43.0123 5500 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:20:43.0189 5500 WfpLwf - ok
15:20:44.0441 5500 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:20:44.0482 5500 WIMMount - ok
15:20:46.0514 5500 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:20:46.0752 5500 WinUsb - ok
15:20:49.0475 5500 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:20:51.0453 5500 WmiAcpi - ok
15:20:52.0946 5500 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:20:53.0206 5500 ws2ifsl - ok
15:20:54.0042 5500 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:20:54.0421 5500 WudfPf - ok
15:20:55.0951 5500 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:20:56.0096 5500 WUDFRd - ok
15:20:56.0533 5500 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
15:20:56.0651 5500 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
15:20:57.0238 5500 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:21:03.0478 5500 \Device\Harddisk0\DR0 - ok
15:21:03.0760 5500 Boot (0x1200) (cf4f789a1bee25de6161f08cf6f12715) \Device\Harddisk0\DR0\Partition0
15:21:03.0806 5500 \Device\Harddisk0\DR0\Partition0 - ok
15:21:03.0807 5500 ============================================================
15:21:03.0807 5500 Scan finished
15:21:03.0807 5500 ============================================================
15:21:03.0844 5676 Detected object count: 1
15:21:03.0844 5676 Actual detected object count: 1
15:21:26.0543 5676 C:\Users\Daniel\Utilities\rmclock\RTCore64.sys - copied to quarantine
15:21:26.0545 5676 RTCore64 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
Geändert von deegee85 (02.01.2012 um 15:43 Uhr) |
|
02.01.2012, 15:39
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Die Logs solltest du in CODE-Tags posten!! Muss ich jetzt darauf bei jeder Antwort hinweisen? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.01.2012, 15:42
| #12 |
| | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Sorry, das hab ich nicht kapiert mit dem CODE-Tag, ich dachte, das wäre nur eine Formulierung  |
|
02.01.2012, 16:05
| #13 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7Zitat:
Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.01.2012, 16:21
| #14 |
| | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Das ist mein voreiliger Programmgehorsam (da ich es eh nicht mehr genutzt habe, dachte ich halt adios)  Nächstes Mal höre ich auf dich :-) |
|
02.01.2012, 16:22
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7 |
| 7 viren, adblock, administrator, antivir, autostart, avg, canon, dateien, dateisystem, desktop, document, explorer, festplatte, google chrome, heuristiks/extra, heuristiks/shuriken, internetseite, langs, microsoft, modul, namen, nt.dll, plug-in, programm, prozesse, registry, rundll, rundll32.exe, sched.exe, seite, software, suche, temp, tr/crypt.xpack.ge, trojan.agent, verweise, viren, virus, webcheck, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
