Pests of all kinds and their removal: ukash - BKA - Operating system locked for security reasons . . . Windows 7
05.01.2012, 16:42 | #1
And now I've fallen for it too. While surfing, the screen suddenly went white; after a while a notice appeared saying the operating system had been locked for security reasons. This computer had supposedly been linked to child-pornographic content and terrorist e-mails. The lock could supposedly be lifted by paying 100 euros via ukash. The thing even blocked the Task Manager. The rascal even displayed my IP and my DSL provider!!!

I then pressed Ctrl-Alt-Del and clicked Log off; when the prompt came up asking whether I really wanted to log off since windows were still open, I clicked Cancel. Since then I have my screen back, but the windows are no longer shown correctly in the taskbar (some are missing), and many windows are minimized to a very narrow strip.

After researching on the internet I found this: https://www.bka.de/nn_196810/DE/ThemenABisZ/Kriminalpraevention/Warnhinweise/110401__BKABPolSchadsoftware.html?__nnn=true

The page looked a little different, but that doesn't matter.

My question now: Antivir found nothing. In the Task Manager (which I can open again) I don't find any strange entry either, yet this virus must still be somewhere, since it was able to get at my system. What else should I do... I'm not entirely comfortable continuing to work on this computer. MBAM found something, also in the Temp files where I suspected it; can you tell me whether that was this virus, or whether I still need to worry, and how I should proceed now?

Thanks in advance

System: Windows Vista Home Premium 32Bit SP1

P.S.: On the following page I found a note that this file wpbt0.dll is the trojan: hxxp://www.las-webservice.com/downloads/bundespolizei-trojaner---schritt-fuer-schritt-.pdf Can I trust the instructions there, or are they sufficient?

Deleting a trojan with Shift+Del is final; I remember removals being more involved than that.

Last edited by Change (05.01.2012 at 17:12)
05.01.2012, 17:11 | #2
After a full scan, Antivir has now found something after all:

Quote:
07.01.2012, 11:37 | #3
According to hxxp://bka-trojaner.de/ I have version 1.03.

What should I do now?
07.01.2012, 12:32 | #4
So, I have now deleted the file wpbt0.dll with Shift+Del. It was located in this folder: C:\Users\XXUSERXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll

Since then everything works reasonably well again, but to completely remove registry entries or any other leftover remnants of the trojan I'm asking for your help once more. I'm also posting a new MBAM log now. (More infected objects were found... botnet?)

Thanks in advance

Code:
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Medion :: MEDION-PC [Administrator]

Schutz: Aktiviert

07.01.2012 12:27:00
mbam-log-2012-01-07 (12-32-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 168537
Laufzeit: 3 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Medion\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Medion\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-21-1796333214-148585332-2916717118-1001\$R0W71CL.exe (PUP.CNET.Adware.Bundle) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-21-1796333214-148585332-2916717118-1001\$R073ORC.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\Medion\AppData\Local\Temp\xFeBvjtc.exe.part (PUP.CNET.Adware.Bundle) -> Keine Aktion durchgeführt.
C:\Users\Medion\AppData\Local\Temp\ICReinstall\cnet2_smac20_setup_exe.exe (PUP.CNET.Adware.Bundle) -> Keine Aktion durchgeführt.

(Ende)
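The post above raises the practical question of where else a lock-screen trojan of this kind can keep itself alive after the copy in the Startup folder is gone. The following PowerShell script is an added example, not code from this thread or from MBAM, OTL or any other tool mentioned here. It lists the per-user and all-users Startup folders plus the Run/RunOnce registry keys and flags entries whose target sits in a user-writable area (AppData, Temp, the Recycle Bin), whose target file no longer exists (the equivalent of OTL's "File not found"), or whose file name matches wpbt0.dll. Only that file name comes from the thread; the path heuristic and the function name are my own, and the script assumes it is run in an elevated PowerShell session as the affected user.

```powershell
# Added example (not from the thread): audit common Windows autostart
# locations and flag entries worth a closer look. Read-only: it removes nothing.

$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic (mine, not from the page): legitimate autostart targets rarely
# live in per-user writable locations such as these.
$suspiciousPathPattern = '\\AppData\\(Local|Roaming)\\|\\Temp\\|\\\$Recycle\.Bin\\'
# File name taken from this thread; extend with further indicators as needed.
$knownBadNames = @('wpbt0.dll')

function Test-SuspiciousTarget {
    param([string]$Path)
    if (-not $Path) { return $true }                 # empty target: nothing to verify
    $leaf = Split-Path -Path $Path -Leaf
    if ($knownBadNames -contains $leaf) { return $true }
    if ($Path -match $suspiciousPathPattern) { return $true }
    return -not (Test-Path -LiteralPath $Path)       # target missing on disk
}

$findings = @()

# 1. Startup folders: every file placed here is launched at logon.
foreach ($folder in $startupFolders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    $files = Get-ChildItem -LiteralPath $folder -Force | Where-Object { -not $_.PSIsContainer }
    foreach ($file in $files) {
        $findings += New-Object PSObject -Property @{
            Location   = "StartupFolder: $folder"
            Name       = $file.Name
            Target     = $file.FullName
            Suspicious = Test-SuspiciousTarget $file.FullName
        }
    }
}

# 2. Run/RunOnce keys: each value is a command line executed at logon.
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }       # provider metadata, not a registry value
        $cmd = [string]$p.Value
        # Executable part of the command line: a quoted path, or the first token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $findings += New-Object PSObject -Property @{
            Location   = $key
            Name       = $p.Name
            Target     = $cmd
            Suspicious = Test-SuspiciousTarget $exe
        }
    }
}

# Suspicious entries first; review each one by hand before removing anything.
$findings | Sort-Object -Property Suspicious -Descending |
    Format-Table -Property Suspicious, Location, Name, Target -AutoSize -Wrap
```

The script only reports; a flagged entry is a candidate for review, not proof of infection, since plenty of legitimate installers also start things from AppData. In this thread the MBAM hit in `C:\Users\Medion\AppData\Local\Temp\wpbt0.dll` is exactly the kind of target the path heuristic would surface if it were still referenced from an autostart location.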
07.01.2012, 13:27 | #5
OTL log

Code:
OTL logfile created on: 07.01.2012 13:12:00 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Medion\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,40% Memory free
6,19 Gb Paging File | 4,97 Gb Available in Paging File | 80,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 138,10 Gb Free Space | 49,62% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 6,87 Gb Free Space | 34,78% Space Free | Partition Type: FAT32

Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.07 12:20:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2011.01.07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.04 15:45:56 | 000,304,688 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2008.08.04 15:45:54 | 000,334,384 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe PRC - [2008.08.04 15:45:52 | 000,326,192 | ---- | M] (EgisTec Inc.) 
-- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2008.02.28 17:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011.11.08 21:46:02 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel(R) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2008.08.04 15:45:56 | 000,304,688 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008.02.28 17:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.12.30 06:14:56 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.12.08 21:54:46 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.01.08 04:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.11.12 00:10:52 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.08.28 13:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\FPWinIo.sys -- (FPWinIo) DRV - [2008.08.28 13:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) LTT-Corp Fingerprint Reader Driver (FPSensor.sys) DRV - [2008.08.06 15:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.08.04 15:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.08.04 15:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.08.04 15:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.07.10 10:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008.04.28 05:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 19:15:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.03 17:07:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.10.21 19:44:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Extensions [2011.12.20 22:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\gx6q39fm.default\extensions [2011.12.20 22:22:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\gx6q39fm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.15 19:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.15 19:23:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.05 08:10:35 | 
000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) 
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe File not found O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{228BBEBE-E967-411B-B950-8E7B8C6843A4}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{770313F6-C778-4A84-8FB1-F697B1721686}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{2d0108d6-32a0-11e1-9eed-001f160b7c43}\Shell - "" = AutoRun O33 - MountPoints2\{2d0108d6-32a0-11e1-9eed-001f160b7c43}\Shell\AutoRun\command - "" = E:\DDFSetup.exe O33 - MountPoints2\{5821826c-eda0-11e0-b7fd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5821826c-eda0-11e0-b7fd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe 
/s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.07 12:20:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe [2012.01.05 16:00:51 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Malwarebytes [2012.01.05 16:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.05 16:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.05 16:00:36 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.05 16:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.05 15:44:49 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Medion\Desktop\mbam-setup-1.60.0.1800.exe [2012.01.05 15:21:59 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\steve [2012.01.04 20:48:02 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\img [2012.01.04 18:07:16 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2012.01.04 13:33:25 | 000,000,000 | ---D | C] -- C:\xampp [2012.01.03 17:07:37 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Thunderbird [2012.01.03 17:07:37 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Thunderbird [2012.01.03 17:07:30 | 
000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.01.03 14:06:22 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\htdocs
[2012.01.03 14:05:36 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\data
[2012.01.01 20:53:59 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\jMint-ET
[2012.01.01 19:39:27 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\J1.7
[2011.12.31 06:17:19 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.12.31 06:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011.12.31 06:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die drei Fragezeichen und das Gold der Inkas
[2011.12.31 06:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Die drei Fragezeichen und das Gold der Inkas
[2011.12.30 06:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.12.30 06:14:56 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.12.30 06:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.12.30 06:13:02 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 06:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.12.28 14:25:08 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\FileZilla
[2011.12.28 14:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.12.28 14:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011.12.24 03:53:17 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\CyberLink
[2011.12.24 03:53:13 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\CyberLink
[2011.12.22 18:02:32 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011.12.22 18:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.12.22 18:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.12.21 19:45:09 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\FreePDF_XP
[2011.12.21 19:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF
[2011.12.21 19:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\FreePDF_XP
[2011.12.21 19:44:34 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\FreePDF
[2011.12.21 19:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2011.12.21 19:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2011.12.20 22:22:26 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2011.12.20 22:22:20 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.20 22:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.20 22:22:02 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\DVDVideoSoft
[2011.12.20 22:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.20 22:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.20 17:09:09 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\GFDOutDir
[2011.12.20 17:04:39 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUI for dvdauthor
[2011.12.20 17:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GUI for dvdauthor
[2011.12.20 17:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\GUI for dvdauthor
[2011.12.20 16:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD-lab PRO 2
[2011.12.20 16:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\DVDlabPro2
[2011.12.20 15:39:03 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\NeroVision
[2011.12.20 15:20:13 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\My Downloads
[2011.12.20 15:05:23 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\AVS4YOU
[2011.12.20 15:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011.12.20 15:04:57 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011.12.20 15:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011.12.20 15:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011.12.20 15:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011.12.20 15:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVSDVDAuthoring
[2011.12.20 14:55:54 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\gtk-2.0
[2011.12.20 14:55:05 | 000,000,000 | ---D | C] -- C:\Users\Medion\.thumbnails
[2011.12.20 14:50:55 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\gegl-0.0
[2011.12.20 14:50:55 | 000,000,000 | ---D | C] -- C:\Users\Medion\.gimp-2.6
[2011.12.20 14:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.12.20 14:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011.12.20 00:31:25 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\c
[2011.12.19 19:48:40 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Canneverbe Limited
[2011.12.19 19:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.12.19 19:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011.12.19 19:24:07 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\Nero
[2011.12.19 19:21:07 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Ahead
[2011.12.19 19:20:52 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Nero
[2011.12.19 02:06:31 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\TempDIR
[2011.12.19 02:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler
[2011.12.19 02:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVDStyler
[2011.12.18 19:40:01 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\Eine himmlische Familie
[2011.12.12 13:44:20 | 000,094,208 | R--- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2011.12.12 13:44:20 | 000,016,384 | R--- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2011.12.12 13:44:20 | 000,012,288 | R--- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2011.12.12 13:44:17 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2011.12.12 13:43:52 | 000,126,976 | ---- | C] (Brother Industries,LTD) -- C:\Windows\System32\BrfxD05a.dll
[2011.12.11 14:15:36 | 000,057,856 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\brinsstr.dll
[2011.12.11 14:15:17 | 000,163,840 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2011.12.11 14:15:17 | 000,034,816 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll
[2011.12.11 14:15:16 | 000,061,952 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll
[2011.12.11 14:15:16 | 000,037,376 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll
[2011.12.11 14:15:16 | 000,018,944 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrnStiCp.cpl
[2011.12.11 14:15:12 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrSti07a.dll
[2011.12.11 14:15:09 | 000,131,072 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\brunin03.dll
[2011.12.11 14:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2011.12.11 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\mflpro
[2011.12.10 03:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2011.12.09 00:23:09 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\Dragonball Z PS2 Game
[2011.12.08 15:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011.12.08 14:49:52 | 000,000,000 | ---D | C] -- C:\Users\Medion\Documents\PCSX2
[2008.08.28 10:58:13 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.08.28 10:58:13 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.07 13:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.01.07 12:33:28 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\kdhow.sys
[2012.01.07 12:20:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2012.01.07 12:15:23 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.07 12:15:23 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.07 12:15:23 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.07 12:15:23 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.07 12:09:21 | 000,000,680 | ---- | M] () -- C:\Users\Medion\AppData\Local\d3d9caps.dat
[2012.01.07 12:08:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 12:08:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 12:08:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.07 12:08:18 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.07 09:48:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.05 16:00:40 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.05 15:47:33 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Medion\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.05 00:42:59 | 000,000,273 | ---- | M] () -- C:\Users\Medion\Desktop\lieder.rtf
[2012.01.04 21:46:40 | 000,000,032 | ---- | M] () -- C:\Users\Medion\Desktop\pfad.php
[2012.01.04 21:25:34 | 000,001,570 | ---- | M] () -- C:\Users\Medion\Desktop\index.html
[2012.01.04 21:24:17 | 000,014,597 | ---- | M] () -- C:\Users\Medion\.recently-used.xbel
[2012.01.04 21:10:06 | 000,013,936 | ---- | M] () -- C:\Users\Medion\Desktop\Agupo.png
[2012.01.04 18:07:16 | 000,000,562 | ---- | M] () -- C:\Users\Medion\Desktop\XAMPP Control Panel.lnk
[2012.01.03 21:32:58 | 000,179,128 | ---- | M] () -- C:\Users\Medion\Desktop\minimizetotray_revived-1.0-fx+tb+sm-windows.xpi
[2012.01.03 17:07:35 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.01.02 12:52:09 | 000,407,390 | ---- | M] () -- C:\Users\Medion\Desktop\Bildschirmfoto 2012-01-02 um 12.51.03.png
[2012.01.01 17:03:25 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.12.30 16:48:32 | 000,074,196 | ---- | M] () -- C:\Users\Medion\Desktop\Überweisungsbeleg K. Gresel.pdf
[2011.12.30 06:14:56 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.12.28 16:02:14 | 003,431,534 | ---- | M] () -- C:\Users\Medion\Desktop\testdisk-6.14-WIP.win.zip
[2011.12.28 14:29:52 | 000,003,711 | ---- | M] () -- C:\Users\Medion\Desktop\Hyrule TwinkBOT.rtf
[2011.12.27 22:49:41 | 005,286,289 | ---- | M] () -- C:\Users\Medion\Desktop\php-kurs-ebook-ohne-sicherheitskapitel.pdf
[2011.12.21 22:52:44 | 000,013,312 | ---- | M] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.21 19:45:12 | 000,064,939 | ---- | M] () -- C:\Users\Medion\Desktop\Überweisungsbeleg Salzgrotte Dortmund.pdf
[2011.12.21 18:25:16 | 000,324,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.12 13:49:02 | 000,000,212 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011.12.12 13:49:02 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2011.12.12 13:49:02 | 000,000,050 | ---- | M] () -- C:\Windows\System32\bridf07a.dat
[2011.12.11 23:37:43 | 000,138,520 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.12.11 23:36:57 | 000,234,536 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.12.11 15:12:30 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.12.11 15:12:30 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.08 21:54:46 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.07 12:33:28 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\kdhow.sys
[2012.01.07 09:46:07 | 3215,855,616 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.05 16:00:40 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.05 00:42:59 | 000,000,273 | ---- | C] () -- C:\Users\Medion\Desktop\lieder.rtf
[2012.01.04 21:46:28 | 000,000,032 | ---- | C] () -- C:\Users\Medion\Desktop\pfad.php
[2012.01.04 21:24:17 | 000,014,597 | ---- | C] () -- C:\Users\Medion\.recently-used.xbel
[2012.01.04 21:10:05 | 000,013,936 | ---- | C] () -- C:\Users\Medion\Desktop\Agupo.png
[2012.01.04 20:31:16 | 000,063,624 | ---- | C] () -- C:\Users\Medion\Desktop\tlac.ttf
[2012.01.04 20:26:27 | 000,001,570 | ---- | C] () -- C:\Users\Medion\Desktop\index.html
[2012.01.04 18:07:16 | 000,000,562 | ---- | C] () -- C:\Users\Medion\Desktop\XAMPP Control Panel.lnk
[2012.01.03 21:32:56 | 000,179,128 | ---- | C] () -- C:\Users\Medion\Desktop\minimizetotray_revived-1.0-fx+tb+sm-windows.xpi
[2012.01.03 17:07:33 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.01.03 17:07:32 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.01.03 16:41:04 | 000,002,130 | ---- | C] () -- C:\Users\Medion\Desktop\settings.xml
[2012.01.02 12:51:28 | 000,407,390 | ---- | C] () -- C:\Users\Medion\Desktop\Bildschirmfoto 2012-01-02 um 12.51.03.png
[2011.12.30 16:48:32 | 000,074,196 | ---- | C] () -- C:\Users\Medion\Desktop\Überweisungsbeleg K. Gresel.pdf
[2011.12.28 16:01:46 | 003,431,534 | ---- | C] () -- C:\Users\Medion\Desktop\testdisk-6.14-WIP.win.zip
[2011.12.28 13:40:14 | 004,913,522 | ---- | C] () -- C:\Users\Medion\Desktop\g3382_maximus_extreme.pdf
[2011.12.27 22:48:42 | 005,286,289 | ---- | C] () -- C:\Users\Medion\Desktop\php-kurs-ebook-ohne-sicherheitskapitel.pdf
[2011.12.21 19:45:11 | 000,064,939 | ---- | C] () -- C:\Users\Medion\Desktop\Überweisungsbeleg Salzgrotte Dortmund.pdf
[2011.12.21 19:44:35 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.12.21 19:44:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.12.21 02:11:56 | 000,003,711 | ---- | C] () -- C:\Users\Medion\Desktop\Hyrule TwinkBOT.rtf
[2011.12.19 19:48:15 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.12.16 18:07:49 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011.12.12 13:49:02 | 000,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.12.12 13:49:02 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.12.12 13:43:54 | 000,006,224 | ---- | C] () -- C:\Windows\CVRPAGE.bmp
[2011.12.12 13:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.12.11 14:19:46 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2011.12.11 14:15:16 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.12.10 03:01:49 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.12.10 03:01:48 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.08 22:54:39 | 000,001,755 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.12.08 22:54:39 | 000,001,734 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.12.08 22:54:39 | 000,001,713 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.11.13 17:40:41 | 000,013,312 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.09 23:20:51 | 000,000,680 | ---- | C] () -- C:\Users\Medion\AppData\Local\d3d9caps.dat
[2011.11.05 02:37:17 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.11.05 02:36:29 | 000,234,536 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.11.05 02:35:55 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.11.03 18:20:47 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2011.10.13 21:30:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008.09.02 12:45:19 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.08.28 13:27:57 | 000,066,856 | ---- | C] () -- C:\Windows\System32\drivers\FPWinIo.sys
[2008.08.28 13:15:44 | 000,628,730 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.08.28 13:15:44 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.08.28 13:15:44 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.08.28 13:15:44 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.08.28 13:02:32 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.08.28 13:02:32 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.08.28 11:33:16 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.08.28 10:58:13 | 001,753,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.08.28 10:58:13 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2008.08.28 10:58:13 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.08.28 10:58:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.08.28 10:35:46 | 000,119,296 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.08.28 09:31:15 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.08.28 09:31:15 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\29563E424B.sys
[2008.08.28 03:21:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.08.28 02:43:57 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.01.21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,324,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.09.19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

========== LOP Check ==========

[2011.12.19 19:48:40 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Canneverbe Limited
[2011.12.31 06:15:49 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DAEMON Tools Lite
[2011.12.20 23:13:52 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2011.12.20 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.05 15:59:41 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\FileZilla
[2011.12.21 19:44:34 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\FreePDF
[2012.01.04 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\gtk-2.0
[2011.12.15 19:13:29 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\TeamViewer
[2012.01.03 17:07:37 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Thunderbird
[2011.12.11 22:40:04 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\TS3Client
[2012.01.07 09:48:04 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.07 13:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011.10.03 09:34:06 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.08.28 13:16:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.03 09:29:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.08.28 04:50:19 | 000,000,000 | ---D | M] -- C:\Intel
[2011.11.05 04:17:40 | 000,000,000 | ---D | M] -- C:\Medion
[2008.08.28 09:52:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.05 16:00:36 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.05 16:00:38 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.03 09:29:52 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.04 07:33:51 | 000,000,000 | ---D | M] -- C:\report
[2012.01.07 13:13:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.03 09:33:46 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.05 17:19:46 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.04 17:59:33 | 000,000,000 | ---D | M] -- C:\xampp

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: AFD.SYS >
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\System32\drivers\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008.01.21 03:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-07 11:15:47

< End of report >

Code:
OTL Extras logfile created on: 07.01.2012 13:12:00 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Medion\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,40% Memory free
6,19 Gb Paging File | 4,97 Gb Available in Paging File | 80,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 138,10 Gb Free Space | 49,62% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 6,87 Gb Free Space | 34,78% Space Free | Partition Type: FAT32

Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0815046E-324B-4155-8545-D5BB7603C454}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{461ED946-5410-4984-9DC0-9C3CC882EB87}" = rport=137 | protocol=17 | dir=out | app=system |
"{4AF721BA-4EE6-4F58-882A-5126824F80D2}" = rport=138 | protocol=17 | dir=out | app=system |
"{77EFBD27-7801-4CE9-95FA-C5E502CF4D15}" = lport=138 | protocol=17 | dir=in | app=system |
"{7B3C3A14-B6CA-49D9-A233-F036E0F4552C}" = lport=445 | protocol=6 | dir=in | app=system |
"{80380AB8-9C04-4E90-87D2-2F1619B4FBB4}" = lport=139 | protocol=6 | dir=in | app=system |
"{A1822F71-1510-4AA8-AD88-4B8F657E9B61}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A3328D39-FD4F-4DF6-BA77-ABE85A36C3E7}" = rport=445 | protocol=6 | dir=out | app=system |
"{A369371B-C08C-4E50-958F-F1FEEB0FE0FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AA44BB9B-354B-4D7C-917B-2C4C5A6A7AFA}" = rport=139 | protocol=6 | dir=out | app=system |
"{B100512D-7F34-47BB-8F62-61282C1D5F16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BEB35B3E-5E16-4924-8229-EB676684EC22}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02258C4D-EBF5-444A-A933-28F07FF1F3C5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{150EA0D5-5B30-40B9-88C0-434E496D2967}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{158B9A38-A788-4BBE-B523-BB162CD7700C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{31463359-C09A-4D00-B616-DFC8711A570A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{386676C0-CEB9-4F6E-8071-599FA7E7684E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{38E64B9A-FEA1-4827-9034-F864C12FE89A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3B33BEFE-E7D1-4F8A-8CC6-3B0D5E8C833B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{407F1DD8-BE32-4BDD-8763-132B3E1A0FF0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{52AF912D-542A-46FF-856A-6F79446E2E00}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{74735CE7-5024-4C37-A486-479F7410DCC1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{80549CA2-C551-42A2-AB89-5125176A92DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8082A0D1-CEE1-4A5C-9C42-F4B0DD34E687}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{91CE1C6E-E84E-4D0C-A7F6-39976959CE63}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{92DC2E67-240D-476A-8C0A-FCF79D838AE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B416B237-B199-4A74-8AED-45FFDEDBAE7C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{D4D50CC3-2FA1-4D06-B49F-54964E80420E}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{D56F3A26-2D4F-4E5C-9280-B250D2FD91E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{DFF2BEBD-7ED8-42BD-8E23-1122EB6EC9FC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{E295DE7A-C19A-4790-A0B5-1FBA01A07760}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F45A1D01-4D73-4115-8CE2-0B9970D6BF54}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{FAA1B7D3-0C44-4FE5-8E76-2C964CD3B24F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"TCP Query User{1089B5D5-D2D5-4359-98AB-44C49217473E}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{50E91C62-B05D-477B-8955-6A3C119F3B03}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{5CED3243-71E2-4A7D-BC0E-2C10C2A7F56F}C:\users\medion\appdata\local\temp\rar$ex19.800\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\medion\appdata\local\temp\rar$ex19.800\commonfiles\java\bin\javaw.exe |
"TCP Query User{6FE58BF8-BA62-42EB-80E3-4749D096226C}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{AE541B2E-3576-4C1E-BCE2-2BFC6DBB5386}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{BC48F59D-346D-41CF-947E-2B9D4CC37466}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{FC1AFCA3-0488-4975-BE0D-BE286614EC22}C:\users\medion\appdata\local\temp\rar$ex41.992\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\medion\appdata\local\temp\rar$ex41.992\wow-dede-installer-downloader.exe |
"UDP Query User{14A44178-3AB9-4AC5-A7B9-1AB3F23D155C}C:\users\medion\appdata\local\temp\rar$ex41.992\wow-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\medion\appdata\local\temp\rar$ex41.992\wow-dede-installer-downloader.exe |
"UDP Query User{65EC10AC-C8DB-4872-B949-2DE13331638C}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{7B968BCD-582F-40C1-B953-A384636F6FCA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{89BB4E22-B531-4F12-814D-D4E3A7B71D01}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{97516DDD-2595-4A83-A79A-43D24C91BF91}C:\users\medion\appdata\local\temp\rar$ex19.800\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\medion\appdata\local\temp\rar$ex19.800\commonfiles\java\bin\javaw.exe |
"UDP Query User{A30A0841-85BD-4672-AA2B-605B7A85ED85}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"UDP Query User{CCDF1506-88FD-4D45-AC99-2A1639DE2C2E}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0ED47137-C071-46CC-A243-E5E33271E10E}" = Windows Live Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft
Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) 
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel 
MediaOne "{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET 
Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Avira AntiVir Desktop" = Avira Free Antivirus "AVS DVD Authoring_is1" = AVS DVD Authoring "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Recorder_is1" = AVS Video Recorder 2.4 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "DAEMON Tools Lite" = DAEMON Tools Lite "Die drei Fragezeichen und das Gold der Inkas_is1" = Die drei Fragezeichen und das Gold der Inkas "DVD-lab PRO 2.5_is1" = DVD-lab PRO 2.5 "DVDStyler_is1" = DVDStyler v2.0.1 "FileZilla Client" = FileZilla Client 3.5.2 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.3.1206 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206 "FreePDF_XP" = FreePDF (Remove only) "GameSpy Arcade" = GameSpy Arcade "GPL Ghostscript 9.04" = GPL Ghostscript "GUI for dvdauthor" = GUI for dvdauthor 1.07 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU 
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "mIRC" = mIRC "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator "PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 10.0 "PSPad editor_is1" = PSPad editor "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Revo Uninstaller" = Revo Uninstaller 1.93 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "VLC media player" = VLC media player 1.1.11 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "X10Hardware" = X10 Hardware(TM) "xampp" = XAMPP 1.7.7 "Xfire" = Xfire (remove only) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.01.2012 12:12:59 | Computer Name = Medion-PC | Source = MySQL | ID = 100 Description = Fatal error: Can't open and lock privilege tables: Incorrect key file for table 'user'; try to repair it For more information, see Help and Support Center at hxxp://www.mysql.com. Error - 04.01.2012 12:13:10 | Computer Name = Medion-PC | Source = MySQL | ID = 100 Description = Fatal error: Can't open and lock privilege tables: Incorrect key file for table 'user'; try to repair it For more information, see Help and Support Center at hxxp://www.mysql.com. Error - 04.01.2012 12:27:31 | Computer Name = Medion-PC | Source = MySQL | ID = 100 Description = Fatal error: Can't open and lock privilege tables: Incorrect key file for table 'user'; try to repair it For more information, see Help and Support Center at hxxp://www.mysql.com. 
Error - 04.01.2012 12:27:51 | Computer Name = Medion-PC | Source = VSS | ID = 8194 Description = Error - 05.01.2012 08:23:48 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10 Description = Error - 05.01.2012 12:18:36 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10 Description = Error - 07.01.2012 04:42:26 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10 Description = Error - 07.01.2012 04:47:48 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10 Description = Error - 07.01.2012 07:09:57 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10 Description = Error - 07.01.2012 07:33:51 | Computer Name = Medion-PC | Source = VSS | ID = 8194 Description = [ System Events ] Error - 31.12.2011 05:11:58 | Computer Name = Medion-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0016EAD0C51E zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 31.12.2011 10:52:43 | Computer Name = Medion-PC | Source = HTTP | ID = 15016 Description = Error - 31.12.2011 10:54:11 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000 Description = Error - 31.12.2011 10:54:11 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000 Description = Error - 31.12.2011 13:34:16 | Computer Name = Medion-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0016EAD0C51E zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. 
Error - 01.01.2012 07:06:12 | Computer Name = Medion-PC | Source = HTTP | ID = 15016 Description = Error - 01.01.2012 07:07:41 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000 Description = Error - 01.01.2012 07:07:41 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000 Description = Error - 01.01.2012 12:08:40 | Computer Name = Medion-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0016EAD0C51E zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 01.01.2012 12:21:08 | Computer Name = Medion-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0016EAD0C51E zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. < End of report > |
07.01.2012, 13:38 | #6 |
| ukash - BKA - Operating system locked for security reasons . . . Nonsense removed //cosinus Edited by cosinus (07.01.2012 at 16:52) |
07.01.2012, 13:53 | #7 | |
/// caddy ☀ | OT @Change Please ignore the post by Sven-Uwe; as soon as one of the responsible mods is online, the post will be removed. BTW: you replied to yourself in the thread, so your post was overlooked. Quote:
@Sven-Uwe Do not interfere in other threads in the security forums! Reasons -> http://www.trojaner-board.de/95121-hilft-mir.html
__________________ Don't invest time in someone or something for whom you are only one option among many, or who is only one option among many for you. All help is given without warranty or liability |
07.01.2012, 16:30 | #8 |
| ukash - BKA - Operating system locked for security reasons . . . Hi, have the following files checked online
Code:
C:\Windows\System32\drivers\hamachi.sys
C:\Windows\system32\DRIVERS\FPWinIo.sys
C:\Windows\System32\drivers\kdhow.sys
Fix for OTL:
Code:
:OTL
SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel(R)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
[2012.01.07 13:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
:Commands
[emptytemp]
[Reboot]
TDSS-Killer
Download and instructions at: "How to fight malicious programs of the Rootkit.Win32.TDSS family?"
Unpack all files into a directory of their own (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. After it starts, a window appears; click "Start Scan" there. When the scan is finished, please select "Report". A window opens; copy the text and post it here...

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version via: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Check for updates"). Run a full scan and let it clean everything! Post the log.
chris
__________________ Don't bring me down Read before posting! Donations (Anyone who wants to donate is welcome to get in touch) |
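As an added example for the two checks requested above (not code from this thread, TDSSKiller, OTL or VirusTotal): a small Python parser for the two-line-per-driver TDSSKiller report format that pairs each driver's MD5 with its verdict and compares the MD5 with the one VirusTotal reported for the same file, so that a clean online result can be tied to the exact driver binary the rootkit scanner enumerated. The report text is a constructed sample in that format; the hamachi and FPWinIo hashes are the ones shown in this thread's VirusTotal reports, while the `exampledrv` lines and their hashes are made up to exercise the checks.

```python
"""Pair each driver in a TDSSKiller report with its verdict and cross-check the
MD5 against the hash VirusTotal reported for the same file.

Added example for this thread; not code from TDSSKiller, OTL or VirusTotal.
"""
import re

# TDSSKiller reports each driver on two lines:
#   21:31:37.0710 4308 hamachi (833051c6...) C:\Windows\system32\DRIVERS\hamachi.sys
#   21:31:37.0710 4308 hamachi - ok
# The second line carries the verdict; entries without a file have only that line.
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
VERDICT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(\S+)\s+-\s+(.+)$")

# Constructed sample in the report's format. The ACPI, FPWinIo, hamachi and
# IntcAzAudAddService lines follow the report posted in this thread; the
# "exampledrv" lines and its all-zero MD5 are made up to exercise the checks.
SAMPLE_REPORT = r"""
21:31:34.0824 4308 Scan started
21:31:34.0824 4308 Mode: Manual;
21:31:35.0167 4308 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
21:31:35.0167 4308 ACPI - ok
21:31:37.0632 4308 FPWinIo (4eff8408dd280f2468c39d0f4a2cec0d) C:\Windows\system32\DRIVERS\FPWinIo.sys
21:31:37.0632 4308 FPWinIo - ok
21:31:37.0710 4308 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
21:31:37.0710 4308 hamachi - ok
21:31:38.0178 4308 IntcAzAudAddService - ok
21:31:40.0000 4308 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
21:31:40.0000 4308 exampledrv - suspicious
"""

# MD5s as shown by VirusTotal for the files submitted in this thread, keyed by
# the driver's service name in the TDSSKiller report; exampledrv's is made up.
VT_MD5 = {
    "hamachi": "833051c6c6c42117191935f734cfbd97",
    "FPWinIo": "4eff8408dd280f2468c39d0f4a2cec0d",
    "exampledrv": "ffffffffffffffffffffffffffffffff",
}


def parse_report(text):
    """Return {service_name: {"md5", "path", "verdict"}} from report text."""
    drivers = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            name, md5, path = m.groups()
            drivers[name] = {"md5": md5, "path": path, "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            entry = drivers.setdefault(name, {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = verdict
    return drivers


def cross_check(drivers, vt_md5):
    """Flag drivers whose verdict is not 'ok' or whose MD5 differs from VirusTotal's.

    Returns a list of (service_name, reason, detail) tuples in name order.
    """
    findings = []
    for name in sorted(drivers):
        info = drivers[name]
        if info["verdict"] != "ok":
            findings.append((name, "verdict", info["verdict"]))
        expected = vt_md5.get(name)
        if expected is not None and info["md5"] != expected:
            # The file scanned online is not the file the rootkit scanner saw.
            findings.append((name, "md5-mismatch", info["md5"]))
    return findings


if __name__ == "__main__":
    for name, reason, detail in cross_check(parse_report(SAMPLE_REPORT), VT_MD5):
        print(f"{name}: {reason} ({detail})")
```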
07.01.2012, 23:25 | #9 |
| ukash - BKA - Operating system locked for security reasons . . . Hello, many, many thanks.
1. Virus-Total scans
Fix carried out. It apparently did not find one entry in the registry. By the way, the log opens on its own after the reboot.
3. TDSS-Killer
Scan carried out, 0 results. Log see below.
4. Malwarebytes
I already have the Antimalwarebytes program (the quick scan logs are also already posted above). By the way, the tab is called "Aktualisierungen", not "Updates"; don't get me wrong, just for next time, so that other users are not confused. Full scan 0 results, so there was no log either.
LOGS
hamachi.sys log
Code:
File name: hamachi.sys
Submission date: 2012-01-07 20:04:33 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
MD5 : 833051c6c6c42117191935f734cfbd97
SHA1 : f7d5e5a82e9083dfcc3d49658668b1d1d4342d46
SHA256: 5eb5672abc7994a4aff855a572158b8be4fc6e541cfd4b9be4ff2739a9a6afb8
FPWinIo.sys log
Code:
File name: FPWinIo.sys
Submission date: 2012-01-07 20:07:28 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
MD5 : 4eff8408dd280f2468c39d0f4a2cec0d
SHA1 : 95b9c184ab9477e2ef639581c1610ed056394e6d
SHA256: 91e60862d1ec9640dc9a01b41ac737524cd2d54cfc34aef193c335e085308482
Code:
All processes killed
========== OTL ==========
Error: No service named IAANTMON) Intel(R was found to stop!
Service\Driver key IAANTMON) Intel(R not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
D:\AUTOEXEC.BAT moved successfully.
C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Medion
->Temp folder emptied: 601407900 bytes
->Temporary Internet Files folder emptied: 44277050 bytes
->Java cache emptied: 4273226 bytes
->FireFox cache emptied: 201443696 bytes
->Flash cache emptied: 55673 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6266852026 bytes
RecycleBin emptied: 2711570081 bytes
Total Files Cleaned = 9.375,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01072012_212026
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETACD1.tmp not found!
Registry entries deleted on Reboot...
Code:
21:31:32.0312 5608 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:31:32.0468 5608 ============================================================
21:31:32.0468 5608 Current date / time: 2012/01/07 21:31:32.0468
21:31:32.0468 5608 SystemInfo:
21:31:32.0468 5608
21:31:32.0468 5608 OS Version: 6.0.6001 ServicePack: 1.0
21:31:32.0468 5608 Product type: Workstation
21:31:32.0468 5608 ComputerName: MEDION-PC
21:31:32.0468 5608 UserName: Medion
21:31:32.0468 5608 Windows directory: C:\Windows
21:31:32.0468 5608 System windows directory: C:\Windows
21:31:32.0468 5608 Processor architecture: Intel x86
21:31:32.0468 5608 Number of processors: 2
21:31:32.0468 5608 Page size: 0x1000
21:31:32.0468 5608 Boot type: Normal boot
21:31:32.0468 5608 ============================================================
21:31:32.0999 5608 Initialize success
21:31:34.0824 4308 ============================================================
21:31:34.0824 4308 Scan started
21:31:34.0824 4308 Mode: Manual;
21:31:34.0824 4308 ============================================================
C:\Windows\system32\drivers\isapnp.sys 21:31:38.0350 4308 isapnp - ok 21:31:38.0365 4308 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys 21:31:38.0381 4308 iScsiPrt - ok 21:31:38.0396 4308 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 21:31:38.0396 4308 iteatapi - ok 21:31:38.0412 4308 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 21:31:38.0428 4308 iteraid - ok 21:31:38.0443 4308 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 21:31:38.0443 4308 kbdclass - ok 21:31:38.0459 4308 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys 21:31:38.0459 4308 kbdhid - ok 21:31:38.0506 4308 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys 21:31:38.0506 4308 KSecDD - ok 21:31:38.0537 4308 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 21:31:38.0537 4308 lltdio - ok 21:31:38.0599 4308 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 21:31:38.0599 4308 LSI_FC - ok 21:31:38.0615 4308 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 21:31:38.0630 4308 LSI_SAS - ok 21:31:38.0662 4308 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 21:31:38.0677 4308 LSI_SCSI - ok 21:31:38.0724 4308 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 21:31:38.0724 4308 luafv - ok 21:31:38.0755 4308 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 21:31:38.0771 4308 MBAMProtector - ok 21:31:38.0833 4308 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 21:31:38.0833 4308 megasas - ok 21:31:38.0911 4308 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 21:31:38.0911 4308 MegaSR - ok 21:31:38.0927 4308 Modem 
(e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 21:31:38.0927 4308 Modem - ok 21:31:38.0974 4308 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 21:31:38.0974 4308 monitor - ok 21:31:38.0989 4308 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 21:31:38.0989 4308 mouclass - ok 21:31:39.0005 4308 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 21:31:39.0005 4308 mouhid - ok 21:31:39.0020 4308 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 21:31:39.0020 4308 MountMgr - ok 21:31:39.0052 4308 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 21:31:39.0052 4308 mpio - ok 21:31:39.0114 4308 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 21:31:39.0114 4308 mpsdrv - ok 21:31:39.0145 4308 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 21:31:39.0145 4308 Mraid35x - ok 21:31:39.0145 4308 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys 21:31:39.0145 4308 MRxDAV - ok 21:31:39.0192 4308 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:31:39.0192 4308 mrxsmb - ok 21:31:39.0223 4308 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:31:39.0223 4308 mrxsmb10 - ok 21:31:39.0223 4308 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:31:39.0223 4308 mrxsmb20 - ok 21:31:39.0301 4308 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys 21:31:39.0301 4308 msahci - ok 21:31:39.0332 4308 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 21:31:39.0332 4308 msdsm - ok 21:31:39.0348 4308 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 21:31:39.0348 4308 Msfs - ok 21:31:39.0395 4308 msisadrv 
(0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 21:31:39.0395 4308 msisadrv - ok 21:31:39.0426 4308 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 21:31:39.0426 4308 MSKSSRV - ok 21:31:39.0442 4308 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 21:31:39.0442 4308 MSPCLOCK - ok 21:31:39.0457 4308 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 21:31:39.0473 4308 MSPQM - ok 21:31:39.0488 4308 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys 21:31:39.0488 4308 MsRPC - ok 21:31:39.0504 4308 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 21:31:39.0504 4308 mssmbios - ok 21:31:39.0520 4308 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 21:31:39.0520 4308 MSTEE - ok 21:31:39.0535 4308 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys 21:31:39.0551 4308 Mup - ok 21:31:39.0582 4308 mwlPSDFilter (62d3c8e2e75abd9fc3dee1b0e5b437e0) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 21:31:39.0582 4308 mwlPSDFilter - ok 21:31:39.0644 4308 mwlPSDNServ (3963db3d50d60d17ce7a5eb7d4da2e7d) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 21:31:39.0644 4308 mwlPSDNServ - ok 21:31:39.0691 4308 mwlPSDVDisk (c6de675ce2f2b6e4f78bf7e8187fc1ec) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 21:31:39.0691 4308 mwlPSDVDisk - ok 21:31:39.0738 4308 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys 21:31:39.0738 4308 NativeWifiP - ok 21:31:39.0785 4308 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys 21:31:39.0800 4308 NDIS - ok 21:31:39.0832 4308 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 21:31:39.0832 4308 NdisTapi - ok 21:31:39.0863 4308 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 21:31:39.0863 4308 Ndisuio - ok 
21:31:39.0894 4308 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys 21:31:39.0894 4308 NdisWan - ok 21:31:39.0956 4308 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 21:31:39.0956 4308 NDProxy - ok 21:31:40.0019 4308 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 21:31:40.0019 4308 NetBIOS - ok 21:31:40.0034 4308 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys 21:31:40.0034 4308 netbt - ok 21:31:40.0206 4308 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys 21:31:40.0253 4308 NETw5v32 - ok 21:31:40.0331 4308 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 21:31:40.0331 4308 nfrd960 - ok 21:31:40.0409 4308 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys 21:31:40.0409 4308 Npfs - ok 21:31:40.0440 4308 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 21:31:40.0456 4308 nsiproxy - ok 21:31:40.0487 4308 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys 21:31:40.0502 4308 Ntfs - ok 21:31:40.0534 4308 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 21:31:40.0549 4308 ntrigdigi - ok 21:31:40.0549 4308 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 21:31:40.0565 4308 Null - ok 21:31:40.0612 4308 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys 21:31:40.0612 4308 NVHDA - ok 21:31:40.0939 4308 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:31:41.0267 4308 nvlddmkm - ok 21:31:41.0360 4308 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 21:31:41.0360 4308 nvraid - ok 21:31:41.0392 4308 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 21:31:41.0392 4308 nvstor - ok 21:31:41.0407 
4308 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 21:31:41.0407 4308 nv_agp - ok 21:31:41.0423 4308 NwlnkFlt - ok 21:31:41.0438 4308 NwlnkFwd - ok 21:31:41.0470 4308 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 21:31:41.0470 4308 ohci1394 - ok 21:31:41.0548 4308 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 21:31:41.0548 4308 Parport - ok 21:31:41.0563 4308 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys 21:31:41.0579 4308 partmgr - ok 21:31:41.0594 4308 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 21:31:41.0594 4308 Parvdm - ok 21:31:41.0610 4308 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys 21:31:41.0610 4308 pci - ok 21:31:41.0626 4308 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 21:31:41.0626 4308 pciide - ok 21:31:41.0641 4308 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 21:31:41.0657 4308 pcmcia - ok 21:31:41.0704 4308 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 21:31:41.0719 4308 PEAUTH - ok 21:31:41.0782 4308 PhilCap (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys 21:31:41.0797 4308 PhilCap - ok 21:31:41.0875 4308 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 21:31:41.0875 4308 PptpMiniport - ok 21:31:41.0906 4308 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 21:31:41.0906 4308 Processor - ok 21:31:41.0969 4308 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys 21:31:41.0969 4308 PSched - ok 21:31:42.0031 4308 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 21:31:42.0047 4308 ql2300 - ok 21:31:42.0062 4308 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) 
C:\Windows\system32\drivers\ql40xx.sys 21:31:42.0078 4308 ql40xx - ok 21:31:42.0109 4308 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 21:31:42.0109 4308 QWAVEdrv - ok 21:31:42.0140 4308 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 21:31:42.0140 4308 RasAcd - ok 21:31:42.0187 4308 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:31:42.0187 4308 Rasl2tp - ok 21:31:42.0203 4308 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys 21:31:42.0203 4308 RasPppoe - ok 21:31:42.0218 4308 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys 21:31:42.0218 4308 RasSstp - ok 21:31:42.0250 4308 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys 21:31:42.0250 4308 rdbss - ok 21:31:42.0250 4308 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:31:42.0250 4308 RDPCDD - ok 21:31:42.0281 4308 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 21:31:42.0296 4308 rdpdr - ok 21:31:42.0312 4308 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 21:31:42.0312 4308 RDPENCDD - ok 21:31:42.0328 4308 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys 21:31:42.0343 4308 RDPWD - ok 21:31:42.0406 4308 RFCOMM (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys 21:31:42.0406 4308 RFCOMM - ok 21:31:42.0437 4308 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 21:31:42.0437 4308 rspndr - ok 21:31:42.0484 4308 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys 21:31:42.0484 4308 RTL8169 - ok 21:31:42.0546 4308 RTSTOR (9ea88492b1dab90dce43a6f2c0e133bd) C:\Windows\system32\drivers\RTSTOR.SYS 21:31:42.0546 4308 RTSTOR - ok 21:31:42.0577 4308 sbp2port (3ce8f073a557e172b330109436984e30) 
C:\Windows\system32\drivers\sbp2port.sys 21:31:42.0577 4308 sbp2port - ok 21:31:42.0624 4308 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 21:31:42.0640 4308 secdrv - ok 21:31:42.0686 4308 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 21:31:42.0686 4308 Serenum - ok 21:31:42.0718 4308 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 21:31:42.0718 4308 Serial - ok 21:31:42.0733 4308 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 21:31:42.0749 4308 sermouse - ok 21:31:42.0764 4308 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 21:31:42.0764 4308 sffdisk - ok 21:31:42.0780 4308 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 21:31:42.0780 4308 sffp_mmc - ok 21:31:42.0811 4308 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 21:31:42.0811 4308 sffp_sd - ok 21:31:42.0827 4308 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 21:31:42.0827 4308 sfloppy - ok 21:31:42.0842 4308 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 21:31:42.0858 4308 sisagp - ok 21:31:42.0952 4308 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 21:31:42.0952 4308 SiSRaid2 - ok 21:31:42.0967 4308 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 21:31:42.0967 4308 SiSRaid4 - ok 21:31:43.0014 4308 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys 21:31:43.0014 4308 Smb - ok 21:31:43.0154 4308 SNP2UVC (913d2ce973ed904fe54de9db38fceff2) C:\Windows\system32\DRIVERS\snp2uvc.sys 21:31:43.0170 4308 SNP2UVC - ok 21:31:43.0529 4308 SNPSTD3 (11bb0e11d42cc3a43d741d9b30839be1) C:\Windows\system32\DRIVERS\snpstd3.sys 21:31:43.0825 4308 SNPSTD3 - ok 21:31:43.0934 4308 spldr 
(7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 21:31:43.0934 4308 spldr - ok 21:31:43.0997 4308 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys 21:31:43.0997 4308 srv - ok 21:31:44.0044 4308 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys 21:31:44.0044 4308 srv2 - ok 21:31:44.0090 4308 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys 21:31:44.0090 4308 srvnet - ok 21:31:44.0168 4308 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 21:31:44.0168 4308 swenum - ok 21:31:44.0184 4308 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 21:31:44.0184 4308 Symc8xx - ok 21:31:44.0215 4308 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 21:31:44.0215 4308 Sym_hi - ok 21:31:44.0231 4308 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 21:31:44.0231 4308 Sym_u3 - ok 21:31:44.0278 4308 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys 21:31:44.0309 4308 Tcpip - ok 21:31:44.0324 4308 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys 21:31:44.0340 4308 Tcpip6 - ok 21:31:44.0356 4308 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys 21:31:44.0356 4308 tcpipreg - ok 21:31:44.0387 4308 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 21:31:44.0387 4308 TDPIPE - ok 21:31:44.0418 4308 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 21:31:44.0434 4308 TDTCP - ok 21:31:44.0449 4308 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys 21:31:44.0449 4308 tdx - ok 21:31:44.0512 4308 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys 21:31:44.0512 4308 TermDD - ok 21:31:44.0590 4308 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) 
C:\Windows\system32\DRIVERS\tssecsrv.sys 21:31:44.0590 4308 tssecsrv - ok 21:31:44.0621 4308 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 21:31:44.0621 4308 tunmp - ok 21:31:44.0636 4308 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys 21:31:44.0636 4308 tunnel - ok 21:31:44.0668 4308 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 21:31:44.0668 4308 uagp35 - ok 21:31:44.0699 4308 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys 21:31:44.0699 4308 udfs - ok 21:31:44.0761 4308 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 21:31:44.0777 4308 uliagpkx - ok 21:31:44.0808 4308 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 21:31:44.0808 4308 uliahci - ok 21:31:44.0824 4308 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 21:31:44.0839 4308 UlSata - ok 21:31:44.0902 4308 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 21:31:44.0917 4308 ulsata2 - ok 21:31:44.0933 4308 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 21:31:44.0933 4308 umbus - ok 21:31:44.0995 4308 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 21:31:44.0995 4308 usbccgp - ok 21:31:45.0042 4308 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 21:31:45.0042 4308 usbcir - ok 21:31:45.0073 4308 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys 21:31:45.0073 4308 usbehci - ok 21:31:45.0104 4308 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys 21:31:45.0104 4308 usbhub - ok 21:31:45.0136 4308 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 21:31:45.0151 4308 usbohci - ok 21:31:45.0214 4308 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) 
C:\Windows\system32\DRIVERS\usbprint.sys 21:31:45.0214 4308 usbprint - ok 21:31:45.0276 4308 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 21:31:45.0276 4308 usbscan - ok 21:31:45.0323 4308 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:31:45.0338 4308 USBSTOR - ok 21:31:45.0354 4308 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 21:31:45.0354 4308 usbuhci - ok 21:31:45.0401 4308 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 21:31:45.0401 4308 usbvideo - ok 21:31:45.0448 4308 uxddrv - ok 21:31:45.0510 4308 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 21:31:45.0510 4308 vga - ok 21:31:45.0526 4308 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 21:31:45.0526 4308 VgaSave - ok 21:31:45.0541 4308 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 21:31:45.0541 4308 viaagp - ok 21:31:45.0604 4308 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 21:31:45.0604 4308 ViaC7 - ok 21:31:45.0635 4308 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 21:31:45.0635 4308 viaide - ok 21:31:45.0666 4308 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 21:31:45.0666 4308 volmgr - ok 21:31:45.0697 4308 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys 21:31:45.0697 4308 volmgrx - ok 21:31:45.0713 4308 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys 21:31:45.0713 4308 volsnap - ok 21:31:45.0744 4308 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 21:31:45.0760 4308 vsmraid - ok 21:31:45.0822 4308 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 21:31:45.0838 4308 WacomPen - ok 21:31:45.0869 4308 Wanarp 
(55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:31:45.0869 4308 Wanarp - ok 21:31:45.0884 4308 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:31:45.0884 4308 Wanarpv6 - ok 21:31:45.0916 4308 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 21:31:45.0916 4308 Wd - ok 21:31:45.0947 4308 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 21:31:45.0947 4308 Wdf01000 - ok 21:31:46.0040 4308 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 21:31:46.0040 4308 WmiAcpi - ok 21:31:46.0103 4308 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 21:31:46.0103 4308 ws2ifsl - ok 21:31:46.0165 4308 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:31:46.0165 4308 WUDFRd - ok 21:31:46.0212 4308 X10Hid (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys 21:31:46.0212 4308 X10Hid - ok 21:31:46.0274 4308 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys 21:31:46.0274 4308 XUIF - ok 21:31:46.0306 4308 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 21:31:46.0368 4308 \Device\Harddisk0\DR0 - ok 21:31:46.0368 4308 Boot (0x1200) (8904967d3c55762ed00a378317c8f356) \Device\Harddisk0\DR0\Partition0 21:31:46.0368 4308 \Device\Harddisk0\DR0\Partition0 - ok 21:31:46.0399 4308 Boot (0x1200) (8957560f233718f623a9d17568901752) \Device\Harddisk0\DR0\Partition1 21:31:46.0399 4308 \Device\Harddisk0\DR0\Partition1 - ok 21:31:46.0399 4308 ============================================================ 21:31:46.0399 4308 Scan finished 21:31:46.0399 4308 ============================================================ 21:31:46.0415 4224 Detected object count: 0 21:31:46.0415 4224 Actual detected object count: 0 |
08.01.2012, 00:47 | #10 |
| ukash - BKA - Operating system locked for security reasons . . . According to the full scan there is nothing left on it, but that cannot be right. My browser is still acting up (both Firefox and Internet Explorer). Some sites, e.g. Chip.de, no longer load at all, as if they were offline, and e.g. amazon.de loads no graphics (plain text-only HTML page layout). This also affects other sites that, according to friends, are online. Reinstalling Firefox did not help. If I enter hxxp://amazon.de it is changed directly to www.amazon.de. It does that with every URL. That should not be the case either; I suspect a change in the registry, but where? Last edited by Change (08.01.2012 at 01:00) |
08.01.2012, 09:40 | #11 |
| ukash - BKA - Operating system locked for security reasons . . . Hi, you have several DHCP servers configured: 192.168.178.1 192.168.2.1 Fix for OTL:
Code:
:Files
ipconfig /flushdns /c
Delete the deployment cache: follow the instructions on this page, "Virus im Java-Cacheverzeichnis gefunden" (virus found in the Java cache directory), and then the section "Lösung" (solution)... Download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe), start it and select the following options:
Start it with "Scan". The log file (FSS.txt) is created in the working directory. Post the log here. chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
08.01.2012, 13:39 | #12 |
| ukash - BKA - Operating system locked for security reasons . . . Hello, many thanks. 1. OTL fix I most certainly did not set up any DHCP servers. Log see below. 2. Java According to the instructions I am supposed to go to Settings > Control Panel > Java Plug-in > Cache. Somehow I cannot find this, though; when I click Start > Control Panel > Java there is no tab called Cache. There is, however, Temporary Internet Files; clicking View opens the Java Cache Viewer, but it shows 0.0 KB. I could not find anything comparable in the browser menu either. 3. Farbar scan Carried out as instructed. Log see below. The http error persists. I also noticed that, for example, Skype is no longer shown in the tray at the bottom right. After ending the process in Task Manager and restarting, it is shown in the tray again... but not at Windows startup. I am slowly starting to seriously consider setting the system up again from scratch . . . OTL fix log Code:
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Medion\Desktop\cmd.bat deleted successfully.
C:\Users\Medion\Desktop\cmd.txt deleted successfully.
OTL by OldTimer - Version 3.2.31.0 log created on 01082012_132727
Code:
Farbar Service Scanner
Ran by Medion (administrator) on 08-01-2012 at 13:35:53
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll [2008-01-21 03:24] - [2008-01-21 03:24] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D
C:\Windows\system32\Drivers\afd.sys [2011-10-21 20:11] - [2011-04-21 14:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys [2011-10-21 20:09] - [2010-06-16 16:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9
C:\Windows\system32\dnsrslvr.dll [2011-10-21 20:11] - [2011-03-02 15:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D
C:\Windows\system32\mpssvc.dll [2008-01-21 03:24] - [2008-01-21 03:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B
C:\Windows\system32\bfe.dll [2008-01-21 03:23] - [2008-01-21 03:23] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe [2008-01-21 03:23] - [2008-01-21 03:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll [2011-10-21 20:10] - [2009-03-03 05:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

**** End of log **** |
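The FSS.txt log in the post above is what the helper reads to decide what still needs fixing: services that are not running, registry keys flagged with "Attention!", and file-check entries that came back with a raw MD5 instead of "MD5 is legit" (those are the ones to compare against a known-good copy of the same Windows build). The following parser is an added example, not part of this thread and not Farbar's code; its sample log is a trimmed copy of the one posted above, and the negative wordings it recognises ("is not accessible.", "LAN not connected.") are assumptions.

```python
"""Parse a Farbar Service Scanner (FSS.txt) log and list what needs attention."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a trimmed copy of the FSS.txt posted above (values taken from that log).
SAMPLE_FSS_LOG = r"""Farbar Service Scanner
Ran by Medion (administrator) on 08-01-2012 at 13:35:53

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.

Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll [2008-01-21 03:24] - [2008-01-21 03:24] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D
C:\Windows\system32\Drivers\afd.sys [2011-10-21 20:11] - [2011-04-21 14:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457
C:\Windows\system32\svchost.exe => MD5 is legit

**** End of log ****
"""

SERVICE_RE = re.compile(r"^(?P<svc>\S+) Service is (?P<state>not running|running)\.")
ATTENTION_RE = re.compile(r"^Checking (?P<key>\S+): Attention! (?P<msg>.+)$")
# Negative wording ("is not accessible.", "LAN not connected.") is assumed, not taken from the log.
REACH_RE = re.compile(r"^(?P<target>.+?) is (?P<neg>not )?accessible\.$")
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+) \[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FssReport:
    reachability: Dict[str, bool] = field(default_factory=dict)   # target -> reachable
    lan_connected: Optional[bool] = None
    services: Dict[str, str] = field(default_factory=dict)        # service -> state
    attentions: List[Tuple[str, str]] = field(default_factory=list)
    legit_files: List[str] = field(default_factory=list)
    unverified_files: Dict[str, Dict[str, str]] = field(default_factory=dict)


def parse_fss(text: str) -> FssReport:
    """Classify each log line; lines that match no pattern (headers, rules) are ignored."""
    report = FssReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("LAN "):
            report.lan_connected = line == "LAN connected."
        elif (m := REACH_RE.match(line)):
            report.reachability[m["target"]] = m["neg"] is None
        elif (m := SERVICE_RE.match(line)):
            report.services[m["svc"]] = m["state"]
        elif (m := ATTENTION_RE.match(line)):
            report.attentions.append((m["key"], m["msg"]))
        elif (m := LEGIT_RE.match(line)):
            report.legit_files.append(m["path"])
        elif (m := FILE_RE.match(line)):
            report.unverified_files[m["path"]] = m.groupdict()
    return report


def findings(report: FssReport) -> List[str]:
    """Turn the parsed report into the short list a helper would act on."""
    out = []
    if report.lan_connected is False:
        out.append("LAN not connected")
    out += [f"{t} not reachable" for t, ok in report.reachability.items() if not ok]
    out += [f"service {s} is not running" for s, st in report.services.items() if st != "running"]
    out += [f"registry {k}: {msg}" for k, msg in report.attentions]
    # A raw MD5 means FSS could not match the file against its own list: compare it
    # with a known-good copy from the same Windows build before trusting the file.
    out += [f"verify {p} ({e['company']}, MD5 {e['md5']}) against a known-good copy"
            for p, e in report.unverified_files.items()]
    return out
```

`findings(parse_fss(open("FSS.txt", encoding="utf-8").read()))` gives the same list for a real log; the two disabled services (SDRSVC, VSS) are why System Restore was unavailable on this machine.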
08.01.2012, 23:15 | #13 |
| ukash - BKA - Operating system locked for security reasons . . . Update: Because of all the errors I have now set up my operating system again from scratch. Many thanks for your efforts! I have one more question. I packed the files I don't need (about 350 MB) into an archive and uploaded it to an online drive. When I download the files now I don't want to be infected again right away; how can I unpack the files safely and check them for infections? Keyword sandbox? I have heard of it but have no experience/knowledge of using it. Many thanks |
09.01.2012, 22:06 | #14 |
| ukash - BKA - Operating system locked for security reasons . . . *I packed the files that I do need ... |
10.01.2012, 07:25 | #15 |
| ukash - BKA - Operating system locked for security reasons . . . Hi, Sandboxie (http://filepony.de/download-sandboxie/). I assume you only backed up data; an infection is rather unlikely there... Just unpack the archive and, before you open any file, run the scanner over it... You should start Firefox from within the sandbox... chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |