|
Plagegeister aller Art und deren Bekämpfung: Aus Sicherheitsgründen wurde ihr Windowssystem blockiertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.01.2012, 21:01 | #1 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hallo, nun hat es den Laptop (Windows Vista) meiner Frau auch erwischt, bei aktiver Internetverbindung erscheint der Bildschirm "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" mit der Aufforderung, eine kostenpflichtige Antivirensoftware herunterzuladen. Ohne Netzwerkverbindung läuft der Laptop. Die Tools habe ich mit meinem Rechner runtergeladen und per USB-Stick übertragen, die Logfiles nahmen den gleichen Weg zurück. Was ich bis jetzt gemacht habe: Defogger gestartet und Disable geklickt. Keine Fehlermeldung und keine Neustart erforderlich. OTL gestartet hier die Logfiles: OTL.txt Code:
ATTFilter OTL logfile created on: 11.01.2012 19:26:01 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martina\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,25 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 62,89% Memory free 4,72 Gb Paging File | 3,67 Gb Available in Paging File | 77,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 282,27 Gb Total Space | 176,97 Gb Free Space | 62,70% Space Free | Partition Type: NTFS Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32 Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.11 19:07:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martina\Desktop\OTL.exe PRC - [2011.11.23 08:59:08 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe PRC - [2011.09.20 11:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe PRC - [2011.06.30 10:20:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.27 15:52:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.26 19:35:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.07 10:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe PRC - [2009.05.08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2009.04.30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:36 | 000,065,536 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.08 12:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe PRC - [2008.10.21 11:36:28 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\PlayMovie\PMVService.exe PRC - [2008.10.07 13:31:44 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\Cyberlink\Shared files\brs.exe PRC - [2008.09.18 19:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.09.08 11:10:20 | 000,450,560 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe PRC - [2008.09.08 11:09:40 | 000,184,320 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2011.11.23 09:00:00 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll MOD - [2011.11.23 08:59:08 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll MOD - [2011.11.23 08:58:18 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll MOD - [2011.11.23 08:57:28 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll MOD - [2011.11.23 08:57:26 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll MOD - [2011.11.23 08:57:24 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll MOD - [2011.11.23 08:57:24 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll MOD - [2011.11.23 08:57:22 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll MOD - [2011.11.23 08:57:20 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll MOD - [2011.11.23 08:56:02 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll MOD - [2011.11.23 08:55:58 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll MOD - [2011.11.23 08:55:56 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll MOD - [2011.11.23 08:55:26 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe MOD - [2009.04.11 07:27:36 | 000,065,536 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe ========== Win32 Services (SafeList) ========== SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2011.06.30 10:20:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.04.27 15:52:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.09.08 11:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2008.09.08 11:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - [2011.06.30 10:20:33 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.30 10:20:33 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.04.28 17:48:33 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.04.28 17:48:33 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.30 21:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2009.04.30 15:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.21 11:40:46 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.10.07 20:31:38 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2008.09.29 14:59:00 | 007,593,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.09.05 12:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.08.25 03:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2008.07.28 15:53:46 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.07.08 03:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008.01.23 09:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159" FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.5.9 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&instlRef=sst&affID=17159&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M] [2009.06.03 19:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Extensions [2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions [2010.10.16 14:55:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.27 11:50:34 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2011.05.14 16:54:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\ffxtlbr@babylon.com [2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\staged [2011.06.27 21:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.13 20:20:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE () (No name found) -- C:\USERS\CHEFFE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JHD3XB5D.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2011.06.16 05:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.14 16:54:39 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab () O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC336C5-793C-4413-91D7-08C17FDC82EA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B89040-6443-4225-B504-681C414A9CAB}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTARTER.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software [2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software [2011.12.27 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\kinoma [2011.12.27 12:09:54 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Sony Corporation [2011.12.27 11:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.12.27 10:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma [2011.12.27 10:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc [2011.12.27 10:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\Sony Corporation [2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2011.12.27 10:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2011.12.25 13:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Vampyre Story [2011.12.25 13:15:12 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Vampyre Story [2011.12.25 13:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\A Vampyre Story [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.11 19:24:09 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.11 19:24:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.11 19:24:09 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.11 19:24:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.11 19:22:18 | 000,000,000 | ---- | M] () -- C:\Users\Cheffe\defogger_reenable [2012.01.11 19:21:51 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job [2012.01.11 19:21:27 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.01.11 19:20:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.11 19:19:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.11 19:19:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.11 19:19:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.11 19:19:34 | 2414,067,712 | -HS- | M] () -- C:\hiberfil.sys [2012.01.01 22:16:34 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.01.01 16:52:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.27 17:49:33 | 000,407,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.27 10:07:30 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2011.12.25 13:25:12 | 000,000,928 | ---- | M] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.11 19:22:18 | 000,000,000 | ---- | C] () -- C:\Users\Cheffe\defogger_reenable [2012.01.11 19:19:34 | 2414,067,712 | -HS- | C] () -- C:\hiberfil.sys [2011.12.27 10:07:30 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2011.12.25 13:25:12 | 000,000,928 | ---- | C] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk [2011.07.24 18:20:41 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2009.09.25 15:52:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.25 15:52:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.12 17:20:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.08.12 17:20:29 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.06.22 16:37:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.06.07 12:30:23 | 000,050,176 | ---- | C] () -- C:\Users\Cheffe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.08 09:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.04.30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.04.30 15:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.02.05 22:33:04 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.02.05 22:33:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.02.05 22:33:04 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.02.05 22:33:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.02.05 14:01:52 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2009.02.05 13:54:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.02.05 13:45:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,407,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2009.06.20 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Ankh [2010.10.25 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Canneverbe Limited [2010.03.16 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\ICQ [2011.12.27 11:50:35 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\kikin [2011.05.29 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\QuickStoresToolbar [2009.06.22 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Thunderbird [2012.01.01 17:24:27 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.01.11 19:21:51 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.01.2012 19:26:01 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martina\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,25 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 62,89% Memory free 4,72 Gb Paging File | 3,67 Gb Available in Paging File | 77,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 282,27 Gb Total Space | 176,97 Gb Free Space | 62,70% Space Free | Partition Type: NTFS Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32 Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{033DE1ED-CFD8-437D-90DC-AA4701D854C9}" = lport=2869 | protocol=6 | dir=in | app=system | "{08311AA2-A7C4-4214-86CB-C77D2C2CAA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{086965D4-CC7C-4B6F-A810-CFDC30D6E9B6}" = rport=10243 | protocol=6 | dir=out | app=system | "{0F9B34C9-E50A-4619-87FE-6021ECF420D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{18DA6B8C-4D44-4322-92C2-28919BB8D966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{76FD0AA7-5F77-4F6C-B58F-0F1B31428CD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8897F6FD-2276-4E2B-954F-17D4779645C3}" = lport=10243 | protocol=6 | dir=in | app=system | "{A7CC8194-7AF6-4532-8B0C-25CCE7BD4046}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACC00DE5-8ACD-4C42-B322-52CB13817676}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DCB0F727-8551-4960-BFB8-928A076CEFA4}" = lport=2869 | protocol=6 | dir=in | app=system | "{EA8C70E3-254E-461C-9BF5-394DBE55BA69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F204D640-80E2-4D9A-8B54-217EDCEC9ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{014B3176-174F-45E1-A67E-7571DC4F1B29}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe | "{107A1434-4517-471C-A627-5CCA9F876A20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{25F7F8F7-6A72-4FA4-8A71-A2E6F4338415}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{2B21C8B0-3E83-4148-97E1-DAD16DA278A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D344E22-3F8C-4966-8FE7-9892E5F7BC91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2F50F021-901B-4948-AD9E-C04B04FDBD69}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{34025196-C1A0-4974-8F16-5A337D4AC10E}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | "{3827EE72-7CCA-41D1-92D3-9ABEF5362B07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{581B3538-86C0-41E1-9874-2C7B61028CA2}" = protocol=17 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe | "{5A478E19-6ECB-444C-89D2-E535A3533A10}" = dir=in | app=c:\program files\itunes\itunes.exe | "{5AA2CACC-786E-4AF0-AFBE-FA9A6DB34F36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{626EF331-9564-425D-BAA8-84336305AC01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6DC40A49-80F9-4C6F-A447-E1B13330B191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{794CBED7-7D41-414C-80E2-28346E0F46C2}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{79664EA1-941D-4885-94DE-8D1B386AC0A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8046692F-0856-4F92-B146-48C504934350}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{890A5A65-C386-4D40-980E-9B871BC24B75}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe | "{89A64704-0D62-481A-B188-BEB3D4829999}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{8E9E018F-A7AC-4E3E-9F96-6B56391D4A05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8F3F2096-EB53-462B-85BD-AD2E8E8EA891}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9B1A7A81-40B7-4232-9BAE-1D59A86A644E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{AAF8BCBB-3861-4613-A2E4-54D3D86077C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B3DB579D-E994-4D58-90C1-04CE588DE7BE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B8DE90CF-8C3A-4DA0-9070-635BE8769F8A}" = protocol=6 | dir=out | app=system | "{BA9B958E-5D86-4CB4-8C51-2AC58E5EED0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BBED257C-6A5C-4B92-BB66-CC596EF00503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C79981B7-778D-466F-ADD6-6517F3E631EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{C97BFDF3-A2EB-4DCE-8185-D87F39C219A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E61D77B2-0E4B-4C7E-B74F-512EA233AF2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EB74D9A7-626C-4DC0-A1E2-1F14A7ACAEF9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ECCF2B5B-5F03-4170-BA2A-19E50A6F62D4}" = protocol=6 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe | "{ECF2D918-DBD7-4E24-AD51-DD29A68FCE39}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{ED946555-15FD-43D9-B3B3-7EF54AA1B61E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{F6C4CA97-A9BF-4F30-AD48-FA8DEF9B1067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F8C54AB4-4DD2-4812-8912-66C5CBA791AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "TCP Query User{0786A12F-9609-43FF-9123-16E8E76D0F51}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{28937610-D652-4B08-A258-785CAFD8E492}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | "TCP Query User{56CCA9BC-2E73-4510-8625-D9C75553C677}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | "TCP Query User{878E611D-6171-4884-A351-0EFE8619D792}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "TCP Query User{9D5EEFCB-F126-45D8-8D4D-280795F401C0}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | "TCP Query User{A646A1A9-A08B-4EFA-8FD2-6A74DABBA51B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | "TCP Query User{D232A219-2C36-4648-AC3E-B3A9A552ED21}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{F05175A7-5A3E-4B12-9FE6-D5C6CEFB8EE1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{F6090DC2-5A94-42B2-8B76-FF4A9C90177F}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | "TCP Query User{F960C423-F010-4878-BABE-0B4DCC2413C8}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | "UDP Query User{0271C050-90E5-4326-A662-300AE7D78FD3}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "UDP Query User{4F84468F-FF4B-44A0-A54C-01DB4869C1F0}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | "UDP Query User{5825C956-4B68-4B71-93F9-9E76250D5263}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | "UDP Query User{6923D76E-4FB1-4B16-84A0-724B0DAB78AC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{7B079471-6D09-49F0-8A37-368E533E4B83}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | "UDP Query User{AF192E8B-C662-4544-AA61-D45E44FE65B3}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | "UDP Query User{DA329EFF-0F3F-4C7B-882B-C5F7D88FB1D8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{ED490460-D2BB-4D2D-A631-544B018D121C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{F649B6D4-AAAF-4BD3-A9A3-E0CFCAC2247B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | "UDP Query User{F961846E-F484-4167-9292-37282D6AFAF4}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI: Dark Motives "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{4B21AAD6-6AB1-465A-A4AE-5CC1B7A0FCC9}" = Informaticus "{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.4 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E5A2F17-5F82-40EB-B688-6FC9B93430D2}" = Hollywood - Directors Cut "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.5 "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "A Vampyre Story" = A Vampyre Story "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Ankh" = Ankh "Ankh3" = Ankh3 "Art of Murder/DE-German_is1" = Die Kunst des Mordens: Geheimakte FBI "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BabylonToolbar" = Babylon toolbar "CodInstl" = Intel A/V Codecs V2.0 "Curse - The Eye of Isis" = Curse - The Eye of Isis "Der Stein der Weisen" = Der Stein der Weisen "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Google Desktop" = Google Desktop "Holly im Wunderland" = Holly im Wunderland "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal "Messenger Plus!" = Messenger Plus! 5 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5) "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Picasa2" = Picasa 2 "PirateVille" = PirateVille "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0 "SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service "Shockwave" = Shockwave "So Blonde" = So Blonde "SynTPDeinstKey" = Synaptics Pointing Device Driver "The Book Of Unwritten Tales_is1" = The Book Of Unwritten Tales Version 1.02 "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.12.2011 09:39:49 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.12.2011 09:40:57 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10 Description = Error - 31.12.2011 05:11:15 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.12.2011 05:11:15 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.12.2011 05:12:24 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10 Description = Error - 01.01.2012 05:55:28 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 01.01.2012 05:55:28 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 01.01.2012 05:56:37 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10 Description = Error - 01.01.2012 17:08:56 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 01.01.2012 17:08:56 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 01.01.2012 17:16:44 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.01.2012 14:13:43 | Computer Name = Martina-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 01.01.2012 um 22:18:02 unerwartet heruntergefahren. Error - 11.01.2012 14:14:08 | Computer Name = Martina-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 11.01.2012 14:14:10 | Computer Name = Martina-PC | Source = DCOM | ID = 10005 Description = Error - 11.01.2012 14:14:17 | Computer Name = Martina-PC | Source = DCOM | ID = 10005 Description = Error - 11.01.2012 14:14:22 | Computer Name = Martina-PC | Source = DCOM | ID = 10005 Description = Error - 11.01.2012 14:14:27 | Computer Name = Martina-PC | Source = DCOM | ID = 10005 Description = Error - 11.01.2012 14:14:58 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001 Description = Error - 11.01.2012 14:14:58 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11.01.2012 14:21:10 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > Der Scan brach nach einiger Zeit ab mit der Meldung: xxxxx.exe (gmer) funktioniert nicht mehr Das Programm wird aufgrund eines Porblems nicht richtig ausgeführt. Das Programm wird geschlossen und sie werden benachrichtigt, wenn eine Lösung verfügbar ist. Programm schließen Ein Logfile wurde nicht erstellt. Bis zum Abbruch waren bereits einige Meldungen, die ich aber leider nicht abgeschrieben habe, bevor ich das Fenster zugemacht habe. Ein zweiter Versuch im abgesicherten Modus endete sofort mit der gleichen Fehlermeldung, gmer ließ sich gar nicht starten. 3. Versuch, neuer Download (und damit neuer Dateiname), jetzt sofort im abgesicherten Modus ausgeführt Scan startet, bricht aber nach kurzer Zeit mit der gleichen Fehlermeldung ab. Keine weiteren Meldungen. Ich hoffe, ihr könnt mir helfen. Mfg Skraty |
11.01.2012, 21:24 | #2 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hi,
__________________soso, ein Explorer in AppData... C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe Bin faul, MAM auf einen Stick ziehen, rüber kopieren und installieren und Fullscann... Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. Sonst kille ich ihn "per hand"... chris Hihih, Markus und ich haben es mal wieder geschafft... ;o), na, wer soll weiter machen...????
__________________ Geändert von Chris4You (11.01.2012 um 21:38 Uhr) |
11.01.2012, 21:24 | #3 |
/// Malware-holic | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL :Files C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
16.01.2012, 22:29 | #4 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Erst mal danke, dass ihr euch um mich kümmert Ich habe mich jetzt mal für die Variante von Chris entschieden und MAM drüberlaufen lassen. 1. Durchlauf - ohne Aktualisierung kein Fund 2. Durchlauf - nach Aktualisierung 2 Funde, einmal der von dir angegebene und noch ein weiterer, der so ähnlich lautete, sich aber woanders versteckt hatte. Leider ist das Logfile im Datennirvana verschwunden und nicht auffindbar. Entfernung wurde als erfolgreich gemeldet. zur Sicherheit noch 3. Durchlauf gemacht, wieder ein Fund. Hier gibts auch ein Logfile: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.11.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19170 Martina :: MARTINA-PC [limited] 14.01.2012 22:15:42 mbam-log-2012-01-14 (22-15-42).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 397624 Time elapsed: 1 hour(s), 41 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iexploer.exe (Trojan.Agent) -> Data: C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) und weil´s so schön war, noch ein 4. Durchlauf, ohne Fund Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.11.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19170 Martina :: MARTINA-PC [limitiert] 15.01.2012 02:07:03 mbam-log-2012-01-15 (02-07-03).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 397560 Laufzeit: 1 Stunde(n), 36 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) MfG Jörg |
17.01.2012, 07:32 | #5 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hi, bitte ein neues OTL-Log und TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Nach dem Start erscheint ein Fenster, dort dann "Start Scan". Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten... ESET Online Scanner ESET Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten. Button "ESET Online Scanner" drücken. Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren. Das Firefox-Addon auf dem Desktop speichern und dann installieren. IE-User müssen das Installieren eines ActiveX Elements erlauben. Einen Haken bei "Remove found threads" und "Scan archives" machen. Start drücken. Der Scan beginnt automatisch. Finish drücken. Browser schließen. Explorer öffnen. C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen. Logfile hier posten. Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen. Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset IE-User zusätzlich: mit HJT folgenden Eintrag fixen: O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
19.01.2012, 21:35 | #6 | |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hallo Chris habe die Scans durchlaufen lassen. OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.01.2012 21:54:31 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martina\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,25 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 57,52% Memory free 4,72 Gb Paging File | 3,63 Gb Available in Paging File | 76,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 282,27 Gb Total Space | 174,37 Gb Free Space | 61,78% Space Free | Partition Type: NTFS Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32 Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Martina\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.) PRC - C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\System32\PSIService.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () ========== Win32 Services (SafeList) ========== SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\HomeCinema\PlayMovie\000.fcl (Cyberlink Corp.) DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Programme\HomeCinema\PowerDVD8\000.fcl (Cyberlink Corp.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159" FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.5.9 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&instlRef=sst&affID=17159&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M] [2009.06.03 19:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Extensions [2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions [2010.10.16 14:55:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.27 11:50:34 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2011.05.14 16:54:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\ffxtlbr@babylon.com [2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\staged [2011.06.27 21:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.13 20:20:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE () (No name found) -- C:\USERS\CHEFFE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JHD3XB5D.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2011.06.16 05:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.14 16:54:39 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab () O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC336C5-793C-4413-91D7-08C17FDC82EA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B89040-6443-4225-B504-681C414A9CAB}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTARTER.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.11 21:50:25 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Malwarebytes [2012.01.11 21:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.11 21:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.11 21:50:13 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.11 21:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software [2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software [2011.12.27 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\kinoma [2011.12.27 12:09:54 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Sony Corporation [2011.12.27 11:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.12.27 10:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma [2011.12.27 10:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc [2011.12.27 10:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\Sony Corporation [2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2011.12.27 10:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2011.12.25 13:33:43 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2011.12.25 13:33:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2011.12.25 13:33:42 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2011.12.25 13:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Vampyre Story [2011.12.25 13:15:12 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Vampyre Story [2011.12.25 13:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\A Vampyre Story [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.17 21:52:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.17 21:01:58 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.01.17 21:01:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.17 20:55:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.17 20:55:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.17 20:55:50 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.17 20:55:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.17 20:50:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.17 20:50:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.17 20:50:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.17 20:50:03 | 2414,153,728 | -HS- | M] () -- C:\hiberfil.sys [2012.01.16 22:12:26 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job [2012.01.16 22:10:26 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.01.11 21:50:14 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.11 19:22:18 | 000,000,000 | ---- | M] () -- C:\Users\Cheffe\defogger_reenable [2011.12.27 17:49:33 | 000,407,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.27 10:07:30 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2011.12.25 13:25:12 | 000,000,928 | ---- | M] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.11 21:50:14 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.11 21:46:41 | 2414,153,728 | -HS- | C] () -- C:\hiberfil.sys [2012.01.11 19:22:18 | 000,000,000 | ---- | C] () -- C:\Users\Cheffe\defogger_reenable [2011.12.27 10:07:30 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2011.12.25 13:25:12 | 000,000,928 | ---- | C] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk [2011.07.24 18:20:41 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2009.09.25 15:52:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.25 15:52:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.12 17:20:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.08.12 17:20:29 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.06.22 16:37:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.06.07 12:30:23 | 000,050,176 | ---- | C] () -- C:\Users\Cheffe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.08 09:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.04.30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.04.30 15:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.02.05 22:33:04 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.02.05 22:33:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.02.05 22:33:04 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.02.05 22:33:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.02.05 14:01:52 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2009.02.05 13:54:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.02.05 13:45:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,407,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2009.06.20 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Ankh [2010.10.25 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Canneverbe Limited [2010.03.16 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\ICQ [2011.12.27 11:50:35 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\kikin [2011.05.29 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\QuickStoresToolbar [2009.06.22 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Thunderbird [2012.01.16 23:49:43 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.01.16 22:12:26 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job ========== Purity Check ========== < End of report > extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.01.2012 21:54:31 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martina\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,25 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 57,52% Memory free 4,72 Gb Paging File | 3,63 Gb Available in Paging File | 76,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 282,27 Gb Total Space | 174,37 Gb Free Space | 61,78% Space Free | Partition Type: NTFS Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32 Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{033DE1ED-CFD8-437D-90DC-AA4701D854C9}" = lport=2869 | protocol=6 | dir=in | app=system | "{08311AA2-A7C4-4214-86CB-C77D2C2CAA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{086965D4-CC7C-4B6F-A810-CFDC30D6E9B6}" = rport=10243 | protocol=6 | dir=out | app=system | "{0F9B34C9-E50A-4619-87FE-6021ECF420D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{18DA6B8C-4D44-4322-92C2-28919BB8D966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{76FD0AA7-5F77-4F6C-B58F-0F1B31428CD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8897F6FD-2276-4E2B-954F-17D4779645C3}" = lport=10243 | protocol=6 | dir=in | app=system | "{A7CC8194-7AF6-4532-8B0C-25CCE7BD4046}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACC00DE5-8ACD-4C42-B322-52CB13817676}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DCB0F727-8551-4960-BFB8-928A076CEFA4}" = lport=2869 | protocol=6 | dir=in | app=system | "{EA8C70E3-254E-461C-9BF5-394DBE55BA69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F204D640-80E2-4D9A-8B54-217EDCEC9ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{014B3176-174F-45E1-A67E-7571DC4F1B29}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe | "{107A1434-4517-471C-A627-5CCA9F876A20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{25F7F8F7-6A72-4FA4-8A71-A2E6F4338415}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{2B21C8B0-3E83-4148-97E1-DAD16DA278A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D344E22-3F8C-4966-8FE7-9892E5F7BC91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2F50F021-901B-4948-AD9E-C04B04FDBD69}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{34025196-C1A0-4974-8F16-5A337D4AC10E}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | "{3827EE72-7CCA-41D1-92D3-9ABEF5362B07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{581B3538-86C0-41E1-9874-2C7B61028CA2}" = protocol=17 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe | "{5A478E19-6ECB-444C-89D2-E535A3533A10}" = dir=in | app=c:\program files\itunes\itunes.exe | "{5AA2CACC-786E-4AF0-AFBE-FA9A6DB34F36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{626EF331-9564-425D-BAA8-84336305AC01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6DC40A49-80F9-4C6F-A447-E1B13330B191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{794CBED7-7D41-414C-80E2-28346E0F46C2}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{79664EA1-941D-4885-94DE-8D1B386AC0A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8046692F-0856-4F92-B146-48C504934350}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{890A5A65-C386-4D40-980E-9B871BC24B75}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe | "{89A64704-0D62-481A-B188-BEB3D4829999}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{8E9E018F-A7AC-4E3E-9F96-6B56391D4A05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8F3F2096-EB53-462B-85BD-AD2E8E8EA891}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9B1A7A81-40B7-4232-9BAE-1D59A86A644E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{AAF8BCBB-3861-4613-A2E4-54D3D86077C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B3DB579D-E994-4D58-90C1-04CE588DE7BE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B8DE90CF-8C3A-4DA0-9070-635BE8769F8A}" = protocol=6 | dir=out | app=system | "{BA9B958E-5D86-4CB4-8C51-2AC58E5EED0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BBED257C-6A5C-4B92-BB66-CC596EF00503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C79981B7-778D-466F-ADD6-6517F3E631EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{C97BFDF3-A2EB-4DCE-8185-D87F39C219A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E61D77B2-0E4B-4C7E-B74F-512EA233AF2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EB74D9A7-626C-4DC0-A1E2-1F14A7ACAEF9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ECCF2B5B-5F03-4170-BA2A-19E50A6F62D4}" = protocol=6 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe | "{ECF2D918-DBD7-4E24-AD51-DD29A68FCE39}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{ED946555-15FD-43D9-B3B3-7EF54AA1B61E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{F6C4CA97-A9BF-4F30-AD48-FA8DEF9B1067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F8C54AB4-4DD2-4812-8912-66C5CBA791AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "TCP Query User{0786A12F-9609-43FF-9123-16E8E76D0F51}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{28937610-D652-4B08-A258-785CAFD8E492}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | "TCP Query User{56CCA9BC-2E73-4510-8625-D9C75553C677}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | "TCP Query User{878E611D-6171-4884-A351-0EFE8619D792}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "TCP Query User{9D5EEFCB-F126-45D8-8D4D-280795F401C0}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | "TCP Query User{A646A1A9-A08B-4EFA-8FD2-6A74DABBA51B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | "TCP Query User{D232A219-2C36-4648-AC3E-B3A9A552ED21}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{F05175A7-5A3E-4B12-9FE6-D5C6CEFB8EE1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{F6090DC2-5A94-42B2-8B76-FF4A9C90177F}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | "TCP Query User{F960C423-F010-4878-BABE-0B4DCC2413C8}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | "UDP Query User{0271C050-90E5-4326-A662-300AE7D78FD3}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "UDP Query User{4F84468F-FF4B-44A0-A54C-01DB4869C1F0}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | "UDP Query User{5825C956-4B68-4B71-93F9-9E76250D5263}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | "UDP Query User{6923D76E-4FB1-4B16-84A0-724B0DAB78AC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{7B079471-6D09-49F0-8A37-368E533E4B83}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | "UDP Query User{AF192E8B-C662-4544-AA61-D45E44FE65B3}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | "UDP Query User{DA329EFF-0F3F-4C7B-882B-C5F7D88FB1D8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{ED490460-D2BB-4D2D-A631-544B018D121C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{F649B6D4-AAAF-4BD3-A9A3-E0CFCAC2247B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | "UDP Query User{F961846E-F484-4167-9292-37282D6AFAF4}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI: Dark Motives "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{4B21AAD6-6AB1-465A-A4AE-5CC1B7A0FCC9}" = Informaticus "{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.4 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E5A2F17-5F82-40EB-B688-6FC9B93430D2}" = Hollywood - Directors Cut "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.5 "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "A Vampyre Story" = A Vampyre Story "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Ankh" = Ankh "Ankh3" = Ankh3 "Art of Murder/DE-German_is1" = Die Kunst des Mordens: Geheimakte FBI "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BabylonToolbar" = Babylon toolbar "CodInstl" = Intel A/V Codecs V2.0 "Curse - The Eye of Isis" = Curse - The Eye of Isis "Der Stein der Weisen" = Der Stein der Weisen "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Google Desktop" = Google Desktop "Holly im Wunderland" = Holly im Wunderland "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Messenger Plus!" = Messenger Plus! 5 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5) "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Picasa2" = Picasa 2 "PirateVille" = PirateVille "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0 "SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service "Shockwave" = Shockwave "So Blonde" = So Blonde "SynTPDeinstKey" = Synaptics Pointing Device Driver "The Book Of Unwritten Tales_is1" = The Book Of Unwritten Tales Version 1.02 "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.01.2012 16:48:14 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013 Description = Error - 11.01.2012 16:48:15 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013 Description = Error - 11.01.2012 16:48:15 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013 Description = Error - 11.01.2012 16:48:19 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10 Description = Error - 11.01.2012 16:48:40 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013 Description = Error - 11.01.2012 16:48:40 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013 Description = Error - 11.01.2012 20:18:35 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.01.2012 20:18:35 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.01.2012 20:19:41 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10 Description = Error - 14.01.2012 19:09:01 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001 Description = Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001 Description = Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001 Description = Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001 Description = Error - 11.01.2012 16:02:04 | Computer Name = Martina-PC | Source = DCOM | ID = 10005 Description = Error - 11.01.2012 16:48:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.01.2012 20:19:42 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000 Description = Error - 12.01.2012 14:36:53 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7011 Description = Error - 14.01.2012 19:10:09 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.01.2012 15:51:41 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > ESET Online Scanner Der erste Durchlauf lief bis in die Nacht. Leider kam dann das automatische Windows-update mit Neustart Daher kein Report von diesem Scan. Hab den Durchlauf daher wiederholt, kein Fund, kein Bericht. Aber in der Quarantäne wird einiges angezeigt. Ich denke, dass ist beim ersten Durchlauf dorthin verschoben worden. Hmm, lässt sich nicht kopieren, muss ich es wohl abschreiben. Code:
ATTFilter C:\Users\Martina\AppData\Local\Temp\Update_b007.exe C:\Users\Martina\AppData\Local\Temp\Update_a91a.exe C:\Users\Martina\AppData\Local\Temp\Update_a0fb.exe C:\Users\Martina\AppData\Local\Temp\Update_7beb.exe C:\Users\Martina\AppData\Local\Temp\Update_665c.exe C:\Users\Martina\AppData\Local\Temp\Update_2f58.exe C:\Users\Martina\AppData\Local\Temp\Update_096b.exe C:\Users\Jörg\AppData\Local\Temp\Update_1b84.exe C:\Users\Cheffe\Downloads\MsgLive-490.exe C:\Users\Cheffe\AppData\Local\Temp\is887590510\MyBabylonTB.exe C:\Users\Cheffe\AppData\Local\Temp\ICReinstall\Update_096b.exe C:\Users\Cheffe\AppData\Local\Temp\NOD1F52.tmp C:\Program Files\BabylonToolbar\1.41.19.19\BabylonToolbarsrv.exe C:\Program Files\BabylonToolbar\1.41.19.19\BabylonToolbarAp p.dll Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=ba4f1b20f6cdd24282f75b4e7ad580bb # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-01-18 01:03:55 # local_time=2012-01-18 02:03:55 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 100 1388204 101733273 1421213 0 # compatibility_mode=5892 16776573 100 100 4352 164369437 0 0 # compatibility_mode=8192 67108863 100 0 3867 3867 0 0 # scanned=263491 # found=14 # cleaned=14 # scan_time=11926 C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Cheffe\AppData\Local\Temp\NOD1F52.tmp a variant of Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C C:\Users\Cheffe\AppData\Local\Temp\ICReinstall\Update_096b.exe probably a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Cheffe\AppData\Local\Temp\is887590510\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Cheffe\Downloads\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Jörg\AppData\Local\Temp\Update_1b84.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Martina\AppData\Local\Temp\Update_096b.exe probably a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Martina\AppData\Local\Temp\Update_2f58.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Martina\AppData\Local\Temp\Update_665c.exe a variant of Win32/MessengerPlus.A application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Martina\AppData\Local\Temp\Update_7beb.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Martina\AppData\Local\Temp\Update_a0fb.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Martina\AppData\Local\Temp\Update_a91a.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Martina\AppData\Local\Temp\Update_b007.exe a variant of Win32/MessengerPlus.A application (deleted - quarantined) 00000000000000000000000000000000 C # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=ba4f1b20f6cdd24282f75b4e7ad580bb # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-01-19 07:14:59 # local_time=2012-01-19 08:14:59 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 100 4835 101885202 0 0 # compatibility_mode=5892 16776573 100 100 156281 164521366 0 0 # compatibility_mode=8192 67108863 100 0 155796 155796 0 0 # scanned=263591 # found=0 # cleaned=0 # scan_time=11861 Leider kann ich hiermit Zitat:
MfG Jörg |
19.01.2012, 22:31 | #7 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hi, sieht ok aus, was macht das TDSS-Log? chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
20.01.2012, 10:32 | #8 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert ist mir doch glatt durch die Lappen gegangen Code:
ATTFilter 22:17:35.0212 3676 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41 22:17:35.0293 3676 ============================================================ 22:17:35.0293 3676 Current date / time: 2012/01/17 22:17:35.0293 22:17:35.0293 3676 SystemInfo: 22:17:35.0293 3676 22:17:35.0293 3676 OS Version: 6.0.6002 ServicePack: 2.0 22:17:35.0293 3676 Product type: Workstation 22:17:35.0293 3676 ComputerName: MARTINA-PC 22:17:35.0294 3676 UserName: Cheffe 22:17:35.0294 3676 Windows directory: C:\Windows 22:17:35.0294 3676 System windows directory: C:\Windows 22:17:35.0294 3676 Processor architecture: Intel x86 22:17:35.0294 3676 Number of processors: 2 22:17:35.0294 3676 Page size: 0x1000 22:17:35.0294 3676 Boot type: Normal boot 22:17:35.0294 3676 ============================================================ 22:17:36.0534 3676 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 22:17:36.0603 3676 Initialize success 22:17:50.0219 1804 ============================================================ 22:17:50.0219 1804 Scan started 22:17:50.0219 1804 Mode: Manual; 22:17:50.0219 1804 ============================================================ 22:17:51.0065 1804 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys 22:17:51.0073 1804 acedrv11 - ok 22:17:51.0125 1804 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 22:17:51.0128 1804 ACPI - ok 22:17:51.0186 1804 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 22:17:51.0194 1804 adp94xx - ok 22:17:51.0220 1804 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 22:17:51.0226 1804 adpahci - ok 22:17:51.0252 1804 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 22:17:51.0253 1804 adpu160m - ok 22:17:51.0279 1804 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 22:17:51.0282 1804 adpu320 - ok 22:17:51.0351 1804 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 22:17:51.0354 1804 AFD - ok 22:17:51.0404 1804 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 22:17:51.0406 1804 agp440 - ok 22:17:51.0436 1804 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 22:17:51.0438 1804 aic78xx - ok 22:17:51.0467 1804 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 22:17:51.0468 1804 aliide - ok 22:17:51.0500 1804 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 22:17:51.0502 1804 amdagp - ok 22:17:51.0527 1804 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 22:17:51.0528 1804 amdide - ok 22:17:51.0554 1804 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 22:17:51.0555 1804 AmdK7 - ok 22:17:51.0575 1804 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 22:17:51.0577 1804 AmdK8 - ok 22:17:51.0640 1804 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 22:17:51.0641 1804 arc - ok 22:17:51.0674 1804 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 22:17:51.0676 1804 arcsas - ok 22:17:51.0715 1804 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 22:17:51.0716 1804 AsyncMac - ok 22:17:51.0755 1804 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 22:17:51.0756 1804 atapi - ok 22:17:52.0019 1804 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys 22:17:52.0051 1804 athr - ok 22:17:52.0132 1804 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys 22:17:52.0137 1804 atksgt - ok 22:17:52.0227 1804 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 22:17:52.0228 1804 avgio - ok 22:17:52.0285 1804 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 22:17:52.0287 1804 avgntflt - ok 22:17:52.0337 1804 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 22:17:52.0339 1804 avipbb - ok 22:17:52.0387 1804 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 22:17:52.0388 1804 Beep - ok 22:17:52.0430 1804 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 22:17:52.0432 1804 blbdrive - ok 22:17:52.0504 1804 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 22:17:52.0506 1804 bowser - ok 22:17:52.0538 1804 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 22:17:52.0539 1804 BrFiltLo - ok 22:17:52.0561 1804 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 22:17:52.0562 1804 BrFiltUp - ok 22:17:52.0593 1804 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 22:17:52.0595 1804 Brserid - ok 22:17:52.0626 1804 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 22:17:52.0627 1804 BrSerWdm - ok 22:17:52.0648 1804 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 22:17:52.0649 1804 BrUsbMdm - ok 22:17:52.0661 1804 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 22:17:52.0662 1804 BrUsbSer - ok 22:17:52.0689 1804 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 22:17:52.0691 1804 BTHMODEM - ok 22:17:52.0731 1804 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 22:17:52.0733 1804 cdfs - ok 22:17:52.0764 1804 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 22:17:52.0765 1804 cdrom - ok 22:17:52.0789 1804 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 22:17:52.0790 1804 circlass - ok 22:17:52.0841 1804 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 22:17:52.0844 1804 CLFS - ok 22:17:52.0903 1804 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 22:17:52.0904 1804 CmBatt - ok 22:17:52.0923 1804 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 22:17:52.0924 1804 cmdide - ok 22:17:52.0936 1804 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 22:17:52.0937 1804 Compbatt - ok 22:17:52.0958 1804 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 22:17:52.0959 1804 crcdisk - ok 22:17:52.0984 1804 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 22:17:52.0985 1804 Crusoe - ok 22:17:53.0052 1804 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 22:17:53.0053 1804 DfsC - ok 22:17:53.0132 1804 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 22:17:53.0133 1804 disk - ok 22:17:53.0176 1804 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 22:17:53.0177 1804 drmkaud - ok 22:17:53.0232 1804 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 22:17:53.0254 1804 DXGKrnl - ok 22:17:53.0279 1804 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 22:17:53.0281 1804 E1G60 - ok 22:17:53.0298 1804 EagleNT - ok 22:17:53.0372 1804 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 22:17:53.0374 1804 Ecache - ok 22:17:53.0423 1804 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 22:17:53.0429 1804 elxstor - ok 22:17:53.0473 1804 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 22:17:53.0474 1804 ErrDev - ok 22:17:53.0557 1804 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 22:17:53.0559 1804 exfat - ok 22:17:53.0605 1804 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 22:17:53.0608 1804 fastfat - ok 22:17:53.0652 1804 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 22:17:53.0653 1804 fdc - ok 22:17:53.0691 1804 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 22:17:53.0693 1804 FileInfo - ok 22:17:53.0731 1804 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 22:17:53.0732 1804 Filetrace - ok 22:17:53.0778 1804 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 22:17:53.0779 1804 flpydisk - ok 22:17:53.0855 1804 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 22:17:53.0857 1804 FltMgr - ok 22:17:53.0907 1804 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 22:17:53.0908 1804 Fs_Rec - ok 22:17:53.0928 1804 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 22:17:53.0929 1804 gagp30kx - ok 22:17:53.0983 1804 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:17:53.0985 1804 GEARAspiWDM - ok 22:17:54.0085 1804 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 22:17:54.0088 1804 HdAudAddService - ok 22:17:54.0136 1804 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 22:17:54.0155 1804 HDAudBus - ok 22:17:54.0179 1804 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 22:17:54.0181 1804 HidBth - ok 22:17:54.0206 1804 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 22:17:54.0208 1804 HidIr - ok 22:17:54.0245 1804 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 22:17:54.0246 1804 HidUsb - ok 22:17:54.0269 1804 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 22:17:54.0270 1804 HpCISSs - ok 22:17:54.0315 1804 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 22:17:54.0322 1804 HTTP - ok 22:17:54.0337 1804 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 22:17:54.0338 1804 i2omp - ok 22:17:54.0387 1804 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 22:17:54.0389 1804 i8042prt - ok 22:17:54.0418 1804 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 22:17:54.0422 1804 iaStorV - ok 22:17:54.0463 1804 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 22:17:54.0464 1804 iirsp - ok 22:17:54.0569 1804 IntcAzAudAddService (b8716d9677b04b82fa405c8c54954728) C:\Windows\system32\drivers\RTKVHDA.sys 22:17:54.0635 1804 IntcAzAudAddService - ok 22:17:54.0658 1804 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 22:17:54.0659 1804 intelide - ok 22:17:54.0696 1804 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 22:17:54.0698 1804 intelppm - ok 22:17:54.0730 1804 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:17:54.0732 1804 IpFilterDriver - ok 22:17:54.0751 1804 IpInIp - ok 22:17:54.0776 1804 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 22:17:54.0777 1804 IPMIDRV - ok 22:17:54.0798 1804 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 22:17:54.0800 1804 IPNAT - ok 22:17:54.0837 1804 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 22:17:54.0838 1804 IRENUM - ok 22:17:54.0860 1804 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 22:17:54.0861 1804 isapnp - ok 22:17:54.0900 1804 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 22:17:54.0903 1804 iScsiPrt - ok 22:17:54.0919 1804 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 22:17:54.0920 1804 iteatapi - ok 22:17:54.0951 1804 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 22:17:54.0952 1804 iteraid - ok 22:17:54.0969 1804 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 22:17:54.0971 1804 kbdclass - ok 22:17:54.0998 1804 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 22:17:54.0999 1804 kbdhid - ok 22:17:55.0072 1804 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 22:17:55.0078 1804 KSecDD - ok 22:17:55.0168 1804 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys 22:17:55.0169 1804 lirsgt - ok 22:17:55.0186 1804 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 22:17:55.0187 1804 lltdio - ok 22:17:55.0220 1804 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 22:17:55.0222 1804 LSI_FC - ok 22:17:55.0245 1804 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 22:17:55.0246 1804 LSI_SAS - ok 22:17:55.0269 1804 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 22:17:55.0270 1804 LSI_SCSI - ok 22:17:55.0291 1804 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 22:17:55.0293 1804 luafv - ok 22:17:55.0378 1804 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\Windows\system32\DRIVERS\LVPr2Mon.sys 22:17:55.0380 1804 LVPr2Mon - ok 22:17:55.0424 1804 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 22:17:55.0425 1804 megasas - ok 22:17:55.0472 1804 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 22:17:55.0480 1804 MegaSR - ok 22:17:55.0521 1804 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 22:17:55.0522 1804 Modem - ok 22:17:55.0544 1804 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 22:17:55.0545 1804 monitor - ok 22:17:55.0567 1804 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 22:17:55.0568 1804 mouclass - ok 22:17:55.0591 1804 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 22:17:55.0593 1804 mouhid - ok 22:17:55.0619 1804 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 22:17:55.0621 1804 MountMgr - ok 22:17:55.0657 1804 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 22:17:55.0659 1804 mpio - ok 22:17:55.0683 1804 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 22:17:55.0685 1804 mpsdrv - ok 22:17:55.0714 1804 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 22:17:55.0715 1804 Mraid35x - ok 22:17:55.0767 1804 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 22:17:55.0769 1804 MRxDAV - ok 22:17:55.0801 1804 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:17:55.0803 1804 mrxsmb - ok 22:17:55.0869 1804 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:17:55.0873 1804 mrxsmb10 - ok 22:17:55.0886 1804 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:17:55.0888 1804 mrxsmb20 - ok 22:17:55.0926 1804 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 22:17:55.0928 1804 msahci - ok 22:17:55.0961 1804 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 22:17:55.0963 1804 msdsm - ok 22:17:56.0004 1804 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 22:17:56.0005 1804 Msfs - ok 22:17:56.0042 1804 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 22:17:56.0044 1804 msisadrv - ok 22:17:56.0093 1804 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 22:17:56.0094 1804 MSKSSRV - ok 22:17:56.0114 1804 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 22:17:56.0116 1804 MSPCLOCK - ok 22:17:56.0144 1804 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 22:17:56.0145 1804 MSPQM - ok 22:17:56.0205 1804 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 22:17:56.0207 1804 MsRPC - ok 22:17:56.0253 1804 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 22:17:56.0255 1804 mssmbios - ok 22:17:56.0278 1804 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 22:17:56.0279 1804 MSTEE - ok 22:17:56.0298 1804 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 22:17:56.0300 1804 Mup - ok 22:17:56.0376 1804 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 22:17:56.0378 1804 NativeWifiP - ok 22:17:56.0453 1804 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 22:17:56.0460 1804 NDIS - ok 22:17:56.0495 1804 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 22:17:56.0497 1804 NdisTapi - ok 22:17:56.0524 1804 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 22:17:56.0525 1804 Ndisuio - ok 22:17:56.0567 1804 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 22:17:56.0570 1804 NdisWan - ok 22:17:56.0600 1804 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 22:17:56.0601 1804 NDProxy - ok 22:17:56.0652 1804 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 22:17:56.0653 1804 NetBIOS - ok 22:17:56.0710 1804 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 22:17:56.0712 1804 netbt - ok 22:17:56.0757 1804 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 22:17:56.0759 1804 nfrd960 - ok 22:17:56.0848 1804 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 22:17:56.0849 1804 Npfs - ok 22:17:56.0868 1804 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 22:17:56.0869 1804 nsiproxy - ok 22:17:56.0990 1804 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 22:17:57.0021 1804 Ntfs - ok 22:17:57.0044 1804 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 22:17:57.0046 1804 ntrigdigi - ok 22:17:57.0289 1804 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys 22:17:57.0291 1804 NuidFltr - ok 22:17:57.0310 1804 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 22:17:57.0311 1804 Null - ok 22:17:57.0375 1804 NVENETFD (adb84b1e6b837c45443aa25abe9e7012) C:\Windows\system32\DRIVERS\nvmfdx32.sys 22:17:57.0409 1804 NVENETFD - ok 22:17:57.0452 1804 NVHDA (faa22e6256d9fa2c7f77b67c68cdd749) C:\Windows\system32\drivers\nvhda32v.sys 22:17:57.0454 1804 NVHDA - ok 22:17:57.0696 1804 nvlddmkm (cd10cf6c0200a6fe2f9ed9747ba123a1) C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:17:57.0827 1804 nvlddmkm - ok 22:17:57.0865 1804 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 22:17:57.0867 1804 nvraid - ok 22:17:57.0902 1804 nvsmu (af1bd777af00e96c45c77192d7453369) C:\Windows\system32\DRIVERS\nvsmu.sys 22:17:57.0904 1804 nvsmu - ok 22:17:57.0931 1804 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 22:17:57.0932 1804 nvstor - ok 22:17:57.0976 1804 nvstor32 (8ee374b6fb3cb2bb8d70395218b464a5) C:\Windows\system32\DRIVERS\nvstor32.sys 22:17:57.0979 1804 nvstor32 - ok 22:17:58.0008 1804 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 22:17:58.0010 1804 nv_agp - ok 22:17:58.0022 1804 NwlnkFlt - ok 22:17:58.0038 1804 NwlnkFwd - ok 22:17:58.0080 1804 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 22:17:58.0082 1804 ohci1394 - ok 22:17:58.0145 1804 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 22:17:58.0146 1804 Parport - ok 22:17:58.0196 1804 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 22:17:58.0198 1804 partmgr - ok 22:17:58.0221 1804 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 22:17:58.0223 1804 Parvdm - ok 22:17:58.0266 1804 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 22:17:58.0268 1804 pci - ok 22:17:58.0290 1804 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 22:17:58.0291 1804 pciide - ok 22:17:58.0319 1804 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 22:17:58.0321 1804 pcmcia - ok 22:17:58.0373 1804 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 22:17:58.0392 1804 PEAUTH - ok 22:17:58.0490 1804 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\Windows\system32\DRIVERS\LV561AV.SYS 22:17:58.0499 1804 PID_0928 - ok 22:17:58.0635 1804 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 22:17:58.0636 1804 PptpMiniport - ok 22:17:58.0665 1804 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 22:17:58.0667 1804 Processor - ok 22:17:58.0734 1804 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 22:17:58.0736 1804 PSched - ok 22:17:58.0765 1804 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 22:17:58.0766 1804 PxHelp20 - ok 22:17:58.0826 1804 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 22:17:58.0859 1804 ql2300 - ok 22:17:58.0879 1804 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 22:17:58.0881 1804 ql40xx - ok 22:17:58.0914 1804 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 22:17:58.0916 1804 QWAVEdrv - ok 22:17:58.0932 1804 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 22:17:58.0933 1804 RasAcd - ok 22:17:58.0955 1804 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:17:58.0957 1804 Rasl2tp - ok 22:17:59.0015 1804 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 22:17:59.0017 1804 RasPppoe - ok 22:17:59.0056 1804 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 22:17:59.0058 1804 RasSstp - ok 22:17:59.0108 1804 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 22:17:59.0112 1804 rdbss - ok 22:17:59.0136 1804 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:17:59.0137 1804 RDPCDD - ok 22:17:59.0175 1804 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 22:17:59.0178 1804 rdpdr - ok 22:17:59.0191 1804 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 22:17:59.0193 1804 RDPENCDD - ok 22:17:59.0233 1804 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 22:17:59.0236 1804 RDPWD - ok 22:17:59.0298 1804 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 22:17:59.0300 1804 rspndr - ok 22:17:59.0325 1804 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS 22:17:59.0326 1804 RTSTOR - ok 22:17:59.0357 1804 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 22:17:59.0359 1804 sbp2port - ok 22:17:59.0406 1804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 22:17:59.0407 1804 secdrv - ok 22:17:59.0436 1804 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 22:17:59.0437 1804 Serenum - ok 22:17:59.0475 1804 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 22:17:59.0477 1804 Serial - ok 22:17:59.0500 1804 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 22:17:59.0501 1804 sermouse - ok 22:17:59.0541 1804 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 22:17:59.0542 1804 sffdisk - ok 22:17:59.0567 1804 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 22:17:59.0568 1804 sffp_mmc - ok 22:17:59.0592 1804 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 22:17:59.0593 1804 sffp_sd - ok 22:17:59.0607 1804 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 22:17:59.0609 1804 sfloppy - ok 22:17:59.0642 1804 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 22:17:59.0644 1804 sisagp - ok 22:17:59.0661 1804 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 22:17:59.0663 1804 SiSRaid2 - ok 22:17:59.0688 1804 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 22:17:59.0689 1804 SiSRaid4 - ok 22:17:59.0764 1804 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 22:17:59.0766 1804 Smb - ok 22:17:59.0819 1804 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 22:17:59.0820 1804 spldr - ok 22:17:59.0866 1804 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 22:17:59.0872 1804 srv - ok 22:17:59.0904 1804 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 22:17:59.0906 1804 srv2 - ok 22:17:59.0933 1804 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 22:17:59.0935 1804 srvnet - ok 22:17:59.0992 1804 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 22:17:59.0994 1804 ssmdrv - ok 22:18:00.0056 1804 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 22:18:00.0057 1804 swenum - ok 22:18:00.0099 1804 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 22:18:00.0100 1804 Symc8xx - ok 22:18:00.0118 1804 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 22:18:00.0119 1804 Sym_hi - ok 22:18:00.0143 1804 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 22:18:00.0145 1804 Sym_u3 - ok 22:18:00.0177 1804 SynTP (be78198c69135ef1fa157e08fd5c90ff) C:\Windows\system32\DRIVERS\SynTP.sys 22:18:00.0180 1804 SynTP - ok 22:18:00.0253 1804 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 22:18:00.0272 1804 Tcpip - ok 22:18:00.0312 1804 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 22:18:00.0322 1804 Tcpip6 - ok 22:18:00.0360 1804 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 22:18:00.0362 1804 tcpipreg - ok 22:18:00.0397 1804 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 22:18:00.0399 1804 TDPIPE - ok 22:18:00.0424 1804 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 22:18:00.0425 1804 TDTCP - ok 22:18:00.0489 1804 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 22:18:00.0491 1804 tdx - ok 22:18:00.0535 1804 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 22:18:00.0537 1804 TermDD - ok 22:18:00.0578 1804 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:18:00.0580 1804 tssecsrv - ok 22:18:00.0603 1804 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 22:18:00.0604 1804 tunmp - ok 22:18:00.0649 1804 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 22:18:00.0650 1804 tunnel - ok 22:18:00.0670 1804 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 22:18:00.0672 1804 uagp35 - ok 22:18:00.0733 1804 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 22:18:00.0737 1804 udfs - ok 22:18:00.0771 1804 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 22:18:00.0773 1804 uliagpkx - ok 22:18:00.0800 1804 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 22:18:00.0805 1804 uliahci - ok 22:18:00.0828 1804 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 22:18:00.0830 1804 UlSata - ok 22:18:00.0870 1804 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 22:18:00.0872 1804 ulsata2 - ok 22:18:00.0895 1804 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 22:18:00.0897 1804 umbus - ok 22:18:00.0976 1804 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys 22:18:00.0978 1804 USBAAPL - ok 22:18:01.0021 1804 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 22:18:01.0023 1804 usbccgp - ok 22:18:01.0054 1804 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 22:18:01.0056 1804 usbcir - ok 22:18:01.0085 1804 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 22:18:01.0087 1804 usbehci - ok 22:18:01.0123 1804 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 22:18:01.0125 1804 usbhub - ok 22:18:01.0161 1804 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 22:18:01.0163 1804 usbohci - ok 22:18:01.0189 1804 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 22:18:01.0190 1804 usbprint - ok 22:18:01.0217 1804 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:18:01.0219 1804 USBSTOR - ok 22:18:01.0244 1804 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 22:18:01.0246 1804 usbuhci - ok 22:18:01.0299 1804 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 22:18:01.0301 1804 usbvideo - ok 22:18:01.0333 1804 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 22:18:01.0334 1804 vga - ok 22:18:01.0358 1804 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 22:18:01.0359 1804 VgaSave - ok 22:18:01.0382 1804 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 22:18:01.0384 1804 viaagp - ok 22:18:01.0405 1804 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 22:18:01.0406 1804 ViaC7 - ok 22:18:01.0433 1804 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 22:18:01.0434 1804 viaide - ok 22:18:01.0477 1804 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 22:18:01.0479 1804 volmgr - ok 22:18:01.0534 1804 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 22:18:01.0539 1804 volmgrx - ok 22:18:01.0591 1804 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 22:18:01.0594 1804 volsnap - ok 22:18:01.0636 1804 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 22:18:01.0639 1804 vsmraid - ok 22:18:01.0675 1804 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 22:18:01.0676 1804 WacomPen - ok 22:18:01.0696 1804 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 22:18:01.0698 1804 Wanarp - ok 22:18:01.0719 1804 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 22:18:01.0721 1804 Wanarpv6 - ok 22:18:01.0756 1804 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 22:18:01.0757 1804 Wd - ok 22:18:01.0798 1804 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 22:18:01.0805 1804 Wdf01000 - ok 22:18:01.0893 1804 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 22:18:01.0895 1804 WmiAcpi - ok 22:18:01.0964 1804 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 22:18:01.0966 1804 WpdUsb - ok 22:18:01.0992 1804 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 22:18:01.0993 1804 ws2ifsl - ok 22:18:02.0046 1804 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:18:02.0048 1804 WUDFRd - ok 22:18:02.0094 1804 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys 22:18:02.0095 1804 XUIF - ok 22:18:02.0220 1804 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\HomeCinema\PlayMovie\000.fcl 22:18:02.0221 1804 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 22:18:02.0405 1804 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\HomeCinema\PowerDVD8\000.fcl 22:18:02.0406 1804 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok 22:18:02.0430 1804 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 22:18:02.0502 1804 \Device\Harddisk0\DR0 - ok 22:18:02.0508 1804 Boot (0x1200) (a1003dd3ff05d2edf2ccf93d049c381f) \Device\Harddisk0\DR0\Partition0 22:18:02.0509 1804 \Device\Harddisk0\DR0\Partition0 - ok 22:18:02.0554 1804 Boot (0x1200) (6f9846175cb6c258007fb98eac3fe9df) \Device\Harddisk0\DR0\Partition1 22:18:02.0554 1804 \Device\Harddisk0\DR0\Partition1 - ok 22:18:02.0555 1804 ============================================================ 22:18:02.0555 1804 Scan finished 22:18:02.0555 1804 ============================================================ 22:18:02.0573 1664 Detected object count: 0 22:18:02.0573 1664 Actual detected object count: 0 MfG Jörg |
20.01.2012, 11:43 | #9 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hi, ja, sieht ok aus... Falls keine sonstigen Symptome (Umleitungen, sich öffnende Browserfenster etc.) auftauchen, sollten wir durch sein... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
20.01.2012, 14:34 | #10 | |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Ok, super vielen Dank Chris, ohne deine Hilfe hätte ich das nie in den Griff bekommen. Ein paar Fragen hab ich aber noch: 1. Was mache ich hier? Zitat:
3. Die von ESET in Quarantäne verschobenen Dateien, was passiert mit denen? Babylon Toolbar ist Schrott, das ist klar, aber was ist mit dem Rest? Braucht man das noch? Ich hoffe, das war´s dann endgültig. Nochmals vielen Dank für deine Bemühungen MfG Jörg |
20.01.2012, 16:47 | #11 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hi, kann gelöscht werden (das von ESET); Für eine "rückstandsfreie Entfernung" von ESET kann der Eintrag mit HJ entfernt werden (muß aber nicht)... Defogger kann gelösch twerden... Gruß, chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
26.01.2012, 15:11 | #12 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Sieht soweit alles gut aus, keine ungewöhnlichen Meldungen mehr. Das sollte es gewesen sein. Vielen Dank für deine Hilfe Chris, allein hätte ich das niemals hinbekommen. Nun will ich mal hoffen, dass mir so ein "Schnupfen" in Zukunft erspart bleibt. LG Jörg |
Themen zu Aus Sicherheitsgründen wurde ihr Windowssystem blockiert |
abbruch, autorun, avira, babylon, babylon toolbar, babylontoolbar, bho, bildschirm, blockiert, bonjour, curse, error, excel, firefox, flash player, format, home, install.exe, installation, intranet, metin2, microsoft office word, monkey island, mozilla thunderbird, object, plug-in, realtek, registry, rundll, scan, search the web, senden, software, svchost.exe, udp, usb 2.0, version=1.0, vista, windows, wurde ihr |