| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Aus Sicherheitsgründen wurde ihr Windowssystem blockiertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.01.2012, 21:01
| #1 |
 |  Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hallo, nun hat es den Laptop (Windows Vista) meiner Frau auch erwischt, bei aktiver Internetverbindung erscheint der Bildschirm "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" mit der Aufforderung, eine kostenpflichtige Antivirensoftware herunterzuladen. Ohne Netzwerkverbindung läuft der Laptop. Die Tools habe ich mit meinem Rechner runtergeladen und per USB-Stick übertragen, die Logfiles nahmen den gleichen Weg zurück. Was ich bis jetzt gemacht habe: Defogger gestartet und Disable geklickt. Keine Fehlermeldung und keine Neustart erforderlich. OTL gestartet hier die Logfiles: OTL.txt Code:
ATTFilter OTL logfile created on: 11.01.2012 19:26:01 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martina\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,25 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 62,89% Memory free 4,72 Gb Paging File | 3,67 Gb Available in Paging File | 77,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 282,27 Gb Total Space | 176,97 Gb Free Space | 62,70% Space Free | Partition Type: NTFS Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32 Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.11 19:07:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martina\Desktop\OTL.exe PRC - [2011.11.23 08:59:08 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe PRC - [2011.09.20 11:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe PRC - [2011.06.30 10:20:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.27 15:52:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.26 19:35:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.07 10:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe PRC - [2009.05.08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2009.04.30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:36 | 000,065,536 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.08 12:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe PRC - [2008.10.21 11:36:28 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\PlayMovie\PMVService.exe PRC - [2008.10.07 13:31:44 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\Cyberlink\Shared files\brs.exe PRC - [2008.09.18 19:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.09.08 11:10:20 | 000,450,560 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe PRC - [2008.09.08 11:09:40 | 000,184,320 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2011.11.23 09:00:00 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll MOD - [2011.11.23 08:59:08 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll MOD - [2011.11.23 08:58:18 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll MOD - [2011.11.23 08:57:28 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll MOD - [2011.11.23 08:57:26 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll MOD - [2011.11.23 08:57:24 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll MOD - [2011.11.23 08:57:24 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll MOD - [2011.11.23 08:57:22 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll MOD - [2011.11.23 08:57:20 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll MOD - [2011.11.23 08:56:02 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll MOD - [2011.11.23 08:55:58 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll MOD - [2011.11.23 08:55:56 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll MOD - [2011.11.23 08:55:26 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe MOD - [2009.04.11 07:27:36 | 000,065,536 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe ========== Win32 Services (SafeList) ========== SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2011.06.30 10:20:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.04.27 15:52:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.09.08 11:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2008.09.08 11:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - [2011.06.30 10:20:33 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.30 10:20:33 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.04.28 17:48:33 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.04.28 17:48:33 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.30 21:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2009.04.30 15:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.21 11:40:46 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.10.07 20:31:38 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2008.09.29 14:59:00 | 007,593,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.09.05 12:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.08.25 03:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2008.07.28 15:53:46 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.07.08 03:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008.01.23 09:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159" FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.5.9 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&instlRef=sst&affID=17159&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M] [2009.06.03 19:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Extensions [2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions [2010.10.16 14:55:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.27 11:50:34 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2011.05.14 16:54:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\ffxtlbr@babylon.com [2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\staged [2011.06.27 21:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.13 20:20:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE () (No name found) -- C:\USERS\CHEFFE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JHD3XB5D.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2011.06.16 05:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.14 16:54:39 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab () O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC336C5-793C-4413-91D7-08C17FDC82EA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B89040-6443-4225-B504-681C414A9CAB}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTARTER.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software [2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software [2011.12.27 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\kinoma [2011.12.27 12:09:54 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Sony Corporation [2011.12.27 11:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.12.27 10:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma [2011.12.27 10:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc [2011.12.27 10:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\Sony Corporation [2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2011.12.27 10:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2011.12.25 13:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Vampyre Story [2011.12.25 13:15:12 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Vampyre Story [2011.12.25 13:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\A Vampyre Story [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.11 19:24:09 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.11 19:24:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.11 19:24:09 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.11 19:24:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.11 19:22:18 | 000,000,000 | ---- | M] () -- C:\Users\Cheffe\defogger_reenable [2012.01.11 19:21:51 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job [2012.01.11 19:21:27 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.01.11 19:20:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.11 19:19:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.11 19:19:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.11 19:19:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.11 19:19:34 | 2414,067,712 | -HS- | M] () -- C:\hiberfil.sys [2012.01.01 22:16:34 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.01.01 16:52:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.27 17:49:33 | 000,407,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.27 10:07:30 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2011.12.25 13:25:12 | 000,000,928 | ---- | M] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.11 19:22:18 | 000,000,000 | ---- | C] () -- C:\Users\Cheffe\defogger_reenable [2012.01.11 19:19:34 | 2414,067,712 | -HS- | C] () -- C:\hiberfil.sys [2011.12.27 10:07:30 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2011.12.25 13:25:12 | 000,000,928 | ---- | C] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk [2011.07.24 18:20:41 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2009.09.25 15:52:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.25 15:52:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.12 17:20:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.08.12 17:20:29 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.06.22 16:37:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.06.07 12:30:23 | 000,050,176 | ---- | C] () -- C:\Users\Cheffe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.08 09:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.04.30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.04.30 15:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.02.05 22:33:04 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.02.05 22:33:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.02.05 22:33:04 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.02.05 22:33:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.02.05 14:01:52 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2009.02.05 13:54:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.02.05 13:45:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,407,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2009.06.20 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Ankh [2010.10.25 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Canneverbe Limited [2010.03.16 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\ICQ [2011.12.27 11:50:35 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\kikin [2011.05.29 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\QuickStoresToolbar [2009.06.22 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Thunderbird [2012.01.01 17:24:27 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.01.11 19:21:51 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.01.2012 19:26:01 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,25 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 62,89% Memory free
4,72 Gb Paging File | 3,67 Gb Available in Paging File | 77,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 176,97 Gb Free Space | 62,70% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32
Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033DE1ED-CFD8-437D-90DC-AA4701D854C9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08311AA2-A7C4-4214-86CB-C77D2C2CAA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{086965D4-CC7C-4B6F-A810-CFDC30D6E9B6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0F9B34C9-E50A-4619-87FE-6021ECF420D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18DA6B8C-4D44-4322-92C2-28919BB8D966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76FD0AA7-5F77-4F6C-B58F-0F1B31428CD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8897F6FD-2276-4E2B-954F-17D4779645C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A7CC8194-7AF6-4532-8B0C-25CCE7BD4046}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ACC00DE5-8ACD-4C42-B322-52CB13817676}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCB0F727-8551-4960-BFB8-928A076CEFA4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA8C70E3-254E-461C-9BF5-394DBE55BA69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F204D640-80E2-4D9A-8B54-217EDCEC9ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014B3176-174F-45E1-A67E-7571DC4F1B29}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe |
"{107A1434-4517-471C-A627-5CCA9F876A20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25F7F8F7-6A72-4FA4-8A71-A2E6F4338415}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2B21C8B0-3E83-4148-97E1-DAD16DA278A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D344E22-3F8C-4966-8FE7-9892E5F7BC91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F50F021-901B-4948-AD9E-C04B04FDBD69}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{34025196-C1A0-4974-8F16-5A337D4AC10E}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{3827EE72-7CCA-41D1-92D3-9ABEF5362B07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{581B3538-86C0-41E1-9874-2C7B61028CA2}" = protocol=17 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe |
"{5A478E19-6ECB-444C-89D2-E535A3533A10}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5AA2CACC-786E-4AF0-AFBE-FA9A6DB34F36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{626EF331-9564-425D-BAA8-84336305AC01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6DC40A49-80F9-4C6F-A447-E1B13330B191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{794CBED7-7D41-414C-80E2-28346E0F46C2}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{79664EA1-941D-4885-94DE-8D1B386AC0A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8046692F-0856-4F92-B146-48C504934350}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{890A5A65-C386-4D40-980E-9B871BC24B75}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe |
"{89A64704-0D62-481A-B188-BEB3D4829999}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8E9E018F-A7AC-4E3E-9F96-6B56391D4A05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8F3F2096-EB53-462B-85BD-AD2E8E8EA891}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B1A7A81-40B7-4232-9BAE-1D59A86A644E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{AAF8BCBB-3861-4613-A2E4-54D3D86077C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3DB579D-E994-4D58-90C1-04CE588DE7BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8DE90CF-8C3A-4DA0-9070-635BE8769F8A}" = protocol=6 | dir=out | app=system |
"{BA9B958E-5D86-4CB4-8C51-2AC58E5EED0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BBED257C-6A5C-4B92-BB66-CC596EF00503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C79981B7-778D-466F-ADD6-6517F3E631EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C97BFDF3-A2EB-4DCE-8185-D87F39C219A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E61D77B2-0E4B-4C7E-B74F-512EA233AF2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB74D9A7-626C-4DC0-A1E2-1F14A7ACAEF9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ECCF2B5B-5F03-4170-BA2A-19E50A6F62D4}" = protocol=6 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe |
"{ECF2D918-DBD7-4E24-AD51-DD29A68FCE39}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ED946555-15FD-43D9-B3B3-7EF54AA1B61E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{F6C4CA97-A9BF-4F30-AD48-FA8DEF9B1067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8C54AB4-4DD2-4812-8912-66C5CBA791AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{0786A12F-9609-43FF-9123-16E8E76D0F51}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{28937610-D652-4B08-A258-785CAFD8E492}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
"TCP Query User{56CCA9BC-2E73-4510-8625-D9C75553C677}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"TCP Query User{878E611D-6171-4884-A351-0EFE8619D792}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{9D5EEFCB-F126-45D8-8D4D-280795F401C0}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
"TCP Query User{A646A1A9-A08B-4EFA-8FD2-6A74DABBA51B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"TCP Query User{D232A219-2C36-4648-AC3E-B3A9A552ED21}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{F05175A7-5A3E-4B12-9FE6-D5C6CEFB8EE1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{F6090DC2-5A94-42B2-8B76-FF4A9C90177F}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"TCP Query User{F960C423-F010-4878-BABE-0B4DCC2413C8}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{0271C050-90E5-4326-A662-300AE7D78FD3}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{4F84468F-FF4B-44A0-A54C-01DB4869C1F0}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"UDP Query User{5825C956-4B68-4B71-93F9-9E76250D5263}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{6923D76E-4FB1-4B16-84A0-724B0DAB78AC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{7B079471-6D09-49F0-8A37-368E533E4B83}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{AF192E8B-C662-4544-AA61-D45E44FE65B3}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
"UDP Query User{DA329EFF-0F3F-4C7B-882B-C5F7D88FB1D8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{ED490460-D2BB-4D2D-A631-544B018D121C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F649B6D4-AAAF-4BD3-A9A3-E0CFCAC2247B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"UDP Query User{F961846E-F484-4167-9292-37282D6AFAF4}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI: Dark Motives
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4B21AAD6-6AB1-465A-A4AE-5CC1B7A0FCC9}" = Informaticus
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.4
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A2F17-5F82-40EB-B688-6FC9B93430D2}" = Hollywood - Directors Cut
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.5
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"A Vampyre Story" = A Vampyre Story
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ankh" = Ankh
"Ankh3" = Ankh3
"Art of Murder/DE-German_is1" = Die Kunst des Mordens: Geheimakte FBI
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar
"CodInstl" = Intel A/V Codecs V2.0
"Curse - The Eye of Isis" = Curse - The Eye of Isis
"Der Stein der Weisen" = Der Stein der Weisen
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Desktop" = Google Desktop
"Holly im Wunderland" = Holly im Wunderland
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Picasa2" = Picasa 2
"PirateVille" = PirateVille
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Shockwave" = Shockwave
"So Blonde" = So Blonde
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Book Of Unwritten Tales_is1" = The Book Of Unwritten Tales Version 1.02
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.12.2011 09:39:49 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.12.2011 09:40:57 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description =
Error - 31.12.2011 05:11:15 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 31.12.2011 05:11:15 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 31.12.2011 05:12:24 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.01.2012 05:55:28 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.01.2012 05:55:28 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.01.2012 05:56:37 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.01.2012 17:08:56 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.01.2012 17:08:56 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 01.01.2012 17:16:44 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.01.2012 14:13:43 | Computer Name = Martina-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.01.2012 um 22:18:02 unerwartet heruntergefahren.
Error - 11.01.2012 14:14:08 | Computer Name = Martina-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 11.01.2012 14:14:10 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description =
Error - 11.01.2012 14:14:17 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description =
Error - 11.01.2012 14:14:22 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description =
Error - 11.01.2012 14:14:27 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description =
Error - 11.01.2012 14:14:58 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.01.2012 14:14:58 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11.01.2012 14:21:10 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Der Scan brach nach einiger Zeit ab mit der Meldung: xxxxx.exe (gmer) funktioniert nicht mehr Das Programm wird aufgrund eines Porblems nicht richtig ausgeführt. Das Programm wird geschlossen und sie werden benachrichtigt, wenn eine Lösung verfügbar ist. Programm schließen Ein Logfile wurde nicht erstellt. Bis zum Abbruch waren bereits einige Meldungen, die ich aber leider nicht abgeschrieben habe, bevor ich das Fenster zugemacht habe. Ein zweiter Versuch im abgesicherten Modus endete sofort mit der gleichen Fehlermeldung, gmer ließ sich gar nicht starten. 3. Versuch, neuer Download (und damit neuer Dateiname), jetzt sofort im abgesicherten Modus ausgeführt Scan startet, bricht aber nach kurzer Zeit mit der gleichen Fehlermeldung ab. Keine weiteren Meldungen. Ich hoffe, ihr könnt mir helfen. Mfg Skraty |
|
11.01.2012, 21:24
| #2 |
  | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hi,
__________________soso, ein Explorer in AppData... C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe Bin faul, MAM auf einen Stick ziehen, rüber kopieren und installieren und Fullscann... Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. Sonst kille ich ihn "per hand"... chris Hihih, Markus und ich haben es mal wieder geschafft... ;o), na, wer soll weiter machen...????
__________________ Geändert von Chris4You (11.01.2012 um 21:38 Uhr) |
|
11.01.2012, 21:24
| #3 |
| /// Malware-holic | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
:Files
C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
|
16.01.2012, 22:29
| #4 |
| | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Erst mal danke, dass ihr euch um mich kümmert  Ich habe mich jetzt mal für die Variante von Chris entschieden und MAM drüberlaufen lassen. 1. Durchlauf - ohne Aktualisierung kein Fund 2. Durchlauf - nach Aktualisierung 2 Funde, einmal der von dir angegebene und noch ein weiterer, der so ähnlich lautete, sich aber woanders versteckt hatte. Leider ist das Logfile im Datennirvana verschwunden und nicht auffindbar. Entfernung wurde als erfolgreich gemeldet. zur Sicherheit noch 3. Durchlauf gemacht, wieder ein Fund. Hier gibts auch ein Logfile: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.11.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19170 Martina :: MARTINA-PC [limited] 14.01.2012 22:15:42 mbam-log-2012-01-14 (22-15-42).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 397624 Time elapsed: 1 hour(s), 41 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iexploer.exe (Trojan.Agent) -> Data: C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) und weil´s so schön war, noch ein 4. Durchlauf, ohne Fund Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.11.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19170 Martina :: MARTINA-PC [limitiert] 15.01.2012 02:07:03 mbam-log-2012-01-15 (02-07-03).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 397560 Laufzeit: 1 Stunde(n), 36 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) MfG Jörg |
|
17.01.2012, 07:32
| #5 |
| | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hi, bitte ein neues OTL-Log und TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Nach dem Start erscheint ein Fenster, dort dann "Start Scan". Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten... ESET Online Scanner ESET Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten. Button "ESET Online Scanner" drücken. Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren. Das Firefox-Addon auf dem Desktop speichern und dann installieren. IE-User müssen das Installieren eines ActiveX Elements erlauben. Einen Haken bei "Remove found threads" und "Scan archives" machen. Start drücken. Der Scan beginnt automatisch. Finish drücken. Browser schließen. Explorer öffnen. C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen. Logfile hier posten. Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen. Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset IE-User zusätzlich: mit HJT folgenden Eintrag fixen: O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
19.01.2012, 21:35
| #6 | |
| | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hallo Chris habe die Scans durchlaufen lassen. OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.01.2012 21:54:31 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martina\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,25 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 57,52% Memory free 4,72 Gb Paging File | 3,63 Gb Available in Paging File | 76,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 282,27 Gb Total Space | 174,37 Gb Free Space | 61,78% Space Free | Partition Type: NTFS Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32 Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Martina\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.) PRC - C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\System32\PSIService.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () ========== Win32 Services (SafeList) ========== SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\HomeCinema\PlayMovie\000.fcl (Cyberlink Corp.) DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Programme\HomeCinema\PowerDVD8\000.fcl (Cyberlink Corp.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159" FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.5.9 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&instlRef=sst&affID=17159&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M] [2009.06.03 19:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Extensions [2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions [2010.10.16 14:55:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.27 11:50:34 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2011.05.14 16:54:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\ffxtlbr@babylon.com [2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\staged [2011.06.27 21:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.13 20:20:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE () (No name found) -- C:\USERS\CHEFFE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JHD3XB5D.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2011.06.16 05:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.14 16:54:39 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab () O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC336C5-793C-4413-91D7-08C17FDC82EA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B89040-6443-4225-B504-681C414A9CAB}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTARTER.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.11 21:50:25 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Malwarebytes [2012.01.11 21:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.11 21:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.11 21:50:13 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.11 21:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software [2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software [2011.12.27 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\kinoma [2011.12.27 12:09:54 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Sony Corporation [2011.12.27 11:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.12.27 10:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma [2011.12.27 10:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc [2011.12.27 10:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\Sony Corporation [2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2011.12.27 10:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2011.12.25 13:33:43 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2011.12.25 13:33:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2011.12.25 13:33:42 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2011.12.25 13:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Vampyre Story [2011.12.25 13:15:12 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Vampyre Story [2011.12.25 13:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\A Vampyre Story [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.17 21:52:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.17 21:01:58 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.01.17 21:01:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.17 20:55:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.17 20:55:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.17 20:55:50 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.17 20:55:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.17 20:50:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.17 20:50:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.17 20:50:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.17 20:50:03 | 2414,153,728 | -HS- | M] () -- C:\hiberfil.sys [2012.01.16 22:12:26 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job [2012.01.16 22:10:26 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.01.11 21:50:14 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.11 19:22:18 | 000,000,000 | ---- | M] () -- C:\Users\Cheffe\defogger_reenable [2011.12.27 17:49:33 | 000,407,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.27 10:07:30 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2011.12.25 13:25:12 | 000,000,928 | ---- | M] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.11 21:50:14 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.11 21:46:41 | 2414,153,728 | -HS- | C] () -- C:\hiberfil.sys [2012.01.11 19:22:18 | 000,000,000 | ---- | C] () -- C:\Users\Cheffe\defogger_reenable [2011.12.27 10:07:30 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2011.12.25 13:25:12 | 000,000,928 | ---- | C] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk [2011.07.24 18:20:41 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2009.09.25 15:52:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.25 15:52:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.12 17:20:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.08.12 17:20:29 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.06.22 16:37:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.06.07 12:30:23 | 000,050,176 | ---- | C] () -- C:\Users\Cheffe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.08 09:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.04.30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.04.30 15:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.02.05 22:33:04 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.02.05 22:33:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.02.05 22:33:04 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.02.05 22:33:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.02.05 14:01:52 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2009.02.05 13:54:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.02.05 13:45:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,407,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2009.06.20 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Ankh [2010.10.25 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Canneverbe Limited [2010.03.16 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\ICQ [2011.12.27 11:50:35 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\kikin [2011.05.29 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\QuickStoresToolbar [2009.06.22 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Thunderbird [2012.01.16 23:49:43 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.01.16 22:12:26 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job ========== Purity Check ========== < End of report > extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.01.2012 21:54:31 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,25 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 57,52% Memory free
4,72 Gb Paging File | 3,63 Gb Available in Paging File | 76,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 174,37 Gb Free Space | 61,78% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32
Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033DE1ED-CFD8-437D-90DC-AA4701D854C9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08311AA2-A7C4-4214-86CB-C77D2C2CAA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{086965D4-CC7C-4B6F-A810-CFDC30D6E9B6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0F9B34C9-E50A-4619-87FE-6021ECF420D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18DA6B8C-4D44-4322-92C2-28919BB8D966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76FD0AA7-5F77-4F6C-B58F-0F1B31428CD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8897F6FD-2276-4E2B-954F-17D4779645C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A7CC8194-7AF6-4532-8B0C-25CCE7BD4046}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ACC00DE5-8ACD-4C42-B322-52CB13817676}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCB0F727-8551-4960-BFB8-928A076CEFA4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA8C70E3-254E-461C-9BF5-394DBE55BA69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F204D640-80E2-4D9A-8B54-217EDCEC9ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014B3176-174F-45E1-A67E-7571DC4F1B29}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe |
"{107A1434-4517-471C-A627-5CCA9F876A20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25F7F8F7-6A72-4FA4-8A71-A2E6F4338415}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2B21C8B0-3E83-4148-97E1-DAD16DA278A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D344E22-3F8C-4966-8FE7-9892E5F7BC91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F50F021-901B-4948-AD9E-C04B04FDBD69}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{34025196-C1A0-4974-8F16-5A337D4AC10E}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{3827EE72-7CCA-41D1-92D3-9ABEF5362B07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{581B3538-86C0-41E1-9874-2C7B61028CA2}" = protocol=17 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe |
"{5A478E19-6ECB-444C-89D2-E535A3533A10}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5AA2CACC-786E-4AF0-AFBE-FA9A6DB34F36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{626EF331-9564-425D-BAA8-84336305AC01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6DC40A49-80F9-4C6F-A447-E1B13330B191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{794CBED7-7D41-414C-80E2-28346E0F46C2}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{79664EA1-941D-4885-94DE-8D1B386AC0A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8046692F-0856-4F92-B146-48C504934350}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{890A5A65-C386-4D40-980E-9B871BC24B75}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe |
"{89A64704-0D62-481A-B188-BEB3D4829999}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8E9E018F-A7AC-4E3E-9F96-6B56391D4A05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8F3F2096-EB53-462B-85BD-AD2E8E8EA891}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B1A7A81-40B7-4232-9BAE-1D59A86A644E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{AAF8BCBB-3861-4613-A2E4-54D3D86077C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3DB579D-E994-4D58-90C1-04CE588DE7BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8DE90CF-8C3A-4DA0-9070-635BE8769F8A}" = protocol=6 | dir=out | app=system |
"{BA9B958E-5D86-4CB4-8C51-2AC58E5EED0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BBED257C-6A5C-4B92-BB66-CC596EF00503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C79981B7-778D-466F-ADD6-6517F3E631EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C97BFDF3-A2EB-4DCE-8185-D87F39C219A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E61D77B2-0E4B-4C7E-B74F-512EA233AF2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB74D9A7-626C-4DC0-A1E2-1F14A7ACAEF9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ECCF2B5B-5F03-4170-BA2A-19E50A6F62D4}" = protocol=6 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe |
"{ECF2D918-DBD7-4E24-AD51-DD29A68FCE39}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ED946555-15FD-43D9-B3B3-7EF54AA1B61E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{F6C4CA97-A9BF-4F30-AD48-FA8DEF9B1067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8C54AB4-4DD2-4812-8912-66C5CBA791AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{0786A12F-9609-43FF-9123-16E8E76D0F51}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{28937610-D652-4B08-A258-785CAFD8E492}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
"TCP Query User{56CCA9BC-2E73-4510-8625-D9C75553C677}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"TCP Query User{878E611D-6171-4884-A351-0EFE8619D792}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{9D5EEFCB-F126-45D8-8D4D-280795F401C0}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
"TCP Query User{A646A1A9-A08B-4EFA-8FD2-6A74DABBA51B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"TCP Query User{D232A219-2C36-4648-AC3E-B3A9A552ED21}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{F05175A7-5A3E-4B12-9FE6-D5C6CEFB8EE1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{F6090DC2-5A94-42B2-8B76-FF4A9C90177F}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"TCP Query User{F960C423-F010-4878-BABE-0B4DCC2413C8}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{0271C050-90E5-4326-A662-300AE7D78FD3}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{4F84468F-FF4B-44A0-A54C-01DB4869C1F0}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"UDP Query User{5825C956-4B68-4B71-93F9-9E76250D5263}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{6923D76E-4FB1-4B16-84A0-724B0DAB78AC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{7B079471-6D09-49F0-8A37-368E533E4B83}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{AF192E8B-C662-4544-AA61-D45E44FE65B3}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
"UDP Query User{DA329EFF-0F3F-4C7B-882B-C5F7D88FB1D8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{ED490460-D2BB-4D2D-A631-544B018D121C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F649B6D4-AAAF-4BD3-A9A3-E0CFCAC2247B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin |
"UDP Query User{F961846E-F484-4167-9292-37282D6AFAF4}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI: Dark Motives
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4B21AAD6-6AB1-465A-A4AE-5CC1B7A0FCC9}" = Informaticus
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.4
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A2F17-5F82-40EB-B688-6FC9B93430D2}" = Hollywood - Directors Cut
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.5
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"A Vampyre Story" = A Vampyre Story
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ankh" = Ankh
"Ankh3" = Ankh3
"Art of Murder/DE-German_is1" = Die Kunst des Mordens: Geheimakte FBI
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar
"CodInstl" = Intel A/V Codecs V2.0
"Curse - The Eye of Isis" = Curse - The Eye of Isis
"Der Stein der Weisen" = Der Stein der Weisen
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Desktop" = Google Desktop
"Holly im Wunderland" = Holly im Wunderland
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Picasa2" = Picasa 2
"PirateVille" = PirateVille
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Shockwave" = Shockwave
"So Blonde" = So Blonde
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Book Of Unwritten Tales_is1" = The Book Of Unwritten Tales Version 1.02
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.01.2012 16:48:14 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11.01.2012 16:48:15 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11.01.2012 16:48:15 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11.01.2012 16:48:19 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.01.2012 16:48:40 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11.01.2012 16:48:40 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11.01.2012 20:18:35 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11.01.2012 20:18:35 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11.01.2012 20:19:41 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.01.2012 19:09:01 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.01.2012 16:02:04 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description =
Error - 11.01.2012 16:48:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.01.2012 20:19:42 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12.01.2012 14:36:53 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 14.01.2012 19:10:09 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.01.2012 15:51:41 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
ESET Online Scanner Der erste Durchlauf lief bis in die Nacht. Leider kam dann das automatische Windows-update mit Neustart  Daher kein Report von diesem Scan. Hab den Durchlauf daher wiederholt, kein Fund, kein Bericht. Aber in der Quarantäne wird einiges angezeigt. Ich denke, dass ist beim ersten Durchlauf dorthin verschoben worden. Hmm, lässt sich nicht kopieren, muss ich es wohl abschreiben. Code:
ATTFilter C:\Users\Martina\AppData\Local\Temp\Update_b007.exe
C:\Users\Martina\AppData\Local\Temp\Update_a91a.exe
C:\Users\Martina\AppData\Local\Temp\Update_a0fb.exe
C:\Users\Martina\AppData\Local\Temp\Update_7beb.exe
C:\Users\Martina\AppData\Local\Temp\Update_665c.exe
C:\Users\Martina\AppData\Local\Temp\Update_2f58.exe
C:\Users\Martina\AppData\Local\Temp\Update_096b.exe
C:\Users\Jörg\AppData\Local\Temp\Update_1b84.exe
C:\Users\Cheffe\Downloads\MsgLive-490.exe
C:\Users\Cheffe\AppData\Local\Temp\is887590510\MyBabylonTB.exe
C:\Users\Cheffe\AppData\Local\Temp\ICReinstall\Update_096b.exe
C:\Users\Cheffe\AppData\Local\Temp\NOD1F52.tmp
C:\Program Files\BabylonToolbar\1.41.19.19\BabylonToolbarsrv.exe
C:\Program Files\BabylonToolbar\1.41.19.19\BabylonToolbarAp p.dll
Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ba4f1b20f6cdd24282f75b4e7ad580bb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-18 01:03:55
# local_time=2012-01-18 02:03:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 1388204 101733273 1421213 0
# compatibility_mode=5892 16776573 100 100 4352 164369437 0 0
# compatibility_mode=8192 67108863 100 0 3867 3867 0 0
# scanned=263491
# found=14
# cleaned=14
# scan_time=11926
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cheffe\AppData\Local\Temp\NOD1F52.tmp a variant of Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Users\Cheffe\AppData\Local\Temp\ICReinstall\Update_096b.exe probably a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cheffe\AppData\Local\Temp\is887590510\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cheffe\Downloads\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jörg\AppData\Local\Temp\Update_1b84.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martina\AppData\Local\Temp\Update_096b.exe probably a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martina\AppData\Local\Temp\Update_2f58.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martina\AppData\Local\Temp\Update_665c.exe a variant of Win32/MessengerPlus.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Martina\AppData\Local\Temp\Update_7beb.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martina\AppData\Local\Temp\Update_a0fb.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martina\AppData\Local\Temp\Update_a91a.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martina\AppData\Local\Temp\Update_b007.exe a variant of Win32/MessengerPlus.A application (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ba4f1b20f6cdd24282f75b4e7ad580bb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-19 07:14:59
# local_time=2012-01-19 08:14:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 4835 101885202 0 0
# compatibility_mode=5892 16776573 100 100 156281 164521366 0 0
# compatibility_mode=8192 67108863 100 0 155796 155796 0 0
# scanned=263591
# found=0
# cleaned=0
# scan_time=11861
Leider kann ich hiermit Zitat:
MfG Jörg |
|
19.01.2012, 22:31
| #7 |
| | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hi, sieht ok aus, was macht das TDSS-Log? chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
20.01.2012, 10:32
| #8 |
| | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert ist mir doch glatt durch die Lappen gegangen  Code:
ATTFilter 22:17:35.0212 3676 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
22:17:35.0293 3676 ============================================================
22:17:35.0293 3676 Current date / time: 2012/01/17 22:17:35.0293
22:17:35.0293 3676 SystemInfo:
22:17:35.0293 3676
22:17:35.0293 3676 OS Version: 6.0.6002 ServicePack: 2.0
22:17:35.0293 3676 Product type: Workstation
22:17:35.0293 3676 ComputerName: MARTINA-PC
22:17:35.0294 3676 UserName: Cheffe
22:17:35.0294 3676 Windows directory: C:\Windows
22:17:35.0294 3676 System windows directory: C:\Windows
22:17:35.0294 3676 Processor architecture: Intel x86
22:17:35.0294 3676 Number of processors: 2
22:17:35.0294 3676 Page size: 0x1000
22:17:35.0294 3676 Boot type: Normal boot
22:17:35.0294 3676 ============================================================
22:17:36.0534 3676 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:17:36.0603 3676 Initialize success
22:17:50.0219 1804 ============================================================
22:17:50.0219 1804 Scan started
22:17:50.0219 1804 Mode: Manual;
22:17:50.0219 1804 ============================================================
22:17:51.0065 1804 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
22:17:51.0073 1804 acedrv11 - ok
22:17:51.0125 1804 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:17:51.0128 1804 ACPI - ok
22:17:51.0186 1804 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:17:51.0194 1804 adp94xx - ok
22:17:51.0220 1804 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:17:51.0226 1804 adpahci - ok
22:17:51.0252 1804 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:17:51.0253 1804 adpu160m - ok
22:17:51.0279 1804 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:17:51.0282 1804 adpu320 - ok
22:17:51.0351 1804 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:17:51.0354 1804 AFD - ok
22:17:51.0404 1804 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:17:51.0406 1804 agp440 - ok
22:17:51.0436 1804 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:17:51.0438 1804 aic78xx - ok
22:17:51.0467 1804 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:17:51.0468 1804 aliide - ok
22:17:51.0500 1804 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:17:51.0502 1804 amdagp - ok
22:17:51.0527 1804 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:17:51.0528 1804 amdide - ok
22:17:51.0554 1804 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:17:51.0555 1804 AmdK7 - ok
22:17:51.0575 1804 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:17:51.0577 1804 AmdK8 - ok
22:17:51.0640 1804 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:17:51.0641 1804 arc - ok
22:17:51.0674 1804 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:17:51.0676 1804 arcsas - ok
22:17:51.0715 1804 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:17:51.0716 1804 AsyncMac - ok
22:17:51.0755 1804 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:17:51.0756 1804 atapi - ok
22:17:52.0019 1804 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
22:17:52.0051 1804 athr - ok
22:17:52.0132 1804 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
22:17:52.0137 1804 atksgt - ok
22:17:52.0227 1804 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:17:52.0228 1804 avgio - ok
22:17:52.0285 1804 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
22:17:52.0287 1804 avgntflt - ok
22:17:52.0337 1804 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
22:17:52.0339 1804 avipbb - ok
22:17:52.0387 1804 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:17:52.0388 1804 Beep - ok
22:17:52.0430 1804 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:17:52.0432 1804 blbdrive - ok
22:17:52.0504 1804 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:17:52.0506 1804 bowser - ok
22:17:52.0538 1804 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:17:52.0539 1804 BrFiltLo - ok
22:17:52.0561 1804 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:17:52.0562 1804 BrFiltUp - ok
22:17:52.0593 1804 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:17:52.0595 1804 Brserid - ok
22:17:52.0626 1804 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:17:52.0627 1804 BrSerWdm - ok
22:17:52.0648 1804 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:17:52.0649 1804 BrUsbMdm - ok
22:17:52.0661 1804 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:17:52.0662 1804 BrUsbSer - ok
22:17:52.0689 1804 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:17:52.0691 1804 BTHMODEM - ok
22:17:52.0731 1804 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:17:52.0733 1804 cdfs - ok
22:17:52.0764 1804 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:17:52.0765 1804 cdrom - ok
22:17:52.0789 1804 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:17:52.0790 1804 circlass - ok
22:17:52.0841 1804 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:17:52.0844 1804 CLFS - ok
22:17:52.0903 1804 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:17:52.0904 1804 CmBatt - ok
22:17:52.0923 1804 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:17:52.0924 1804 cmdide - ok
22:17:52.0936 1804 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:17:52.0937 1804 Compbatt - ok
22:17:52.0958 1804 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:17:52.0959 1804 crcdisk - ok
22:17:52.0984 1804 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:17:52.0985 1804 Crusoe - ok
22:17:53.0052 1804 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:17:53.0053 1804 DfsC - ok
22:17:53.0132 1804 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:17:53.0133 1804 disk - ok
22:17:53.0176 1804 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:17:53.0177 1804 drmkaud - ok
22:17:53.0232 1804 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:17:53.0254 1804 DXGKrnl - ok
22:17:53.0279 1804 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:17:53.0281 1804 E1G60 - ok
22:17:53.0298 1804 EagleNT - ok
22:17:53.0372 1804 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:17:53.0374 1804 Ecache - ok
22:17:53.0423 1804 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:17:53.0429 1804 elxstor - ok
22:17:53.0473 1804 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:17:53.0474 1804 ErrDev - ok
22:17:53.0557 1804 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:17:53.0559 1804 exfat - ok
22:17:53.0605 1804 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:17:53.0608 1804 fastfat - ok
22:17:53.0652 1804 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:17:53.0653 1804 fdc - ok
22:17:53.0691 1804 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:17:53.0693 1804 FileInfo - ok
22:17:53.0731 1804 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:17:53.0732 1804 Filetrace - ok
22:17:53.0778 1804 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:17:53.0779 1804 flpydisk - ok
22:17:53.0855 1804 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:17:53.0857 1804 FltMgr - ok
22:17:53.0907 1804 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:17:53.0908 1804 Fs_Rec - ok
22:17:53.0928 1804 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:17:53.0929 1804 gagp30kx - ok
22:17:53.0983 1804 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:17:53.0985 1804 GEARAspiWDM - ok
22:17:54.0085 1804 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:17:54.0088 1804 HdAudAddService - ok
22:17:54.0136 1804 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:17:54.0155 1804 HDAudBus - ok
22:17:54.0179 1804 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:17:54.0181 1804 HidBth - ok
22:17:54.0206 1804 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:17:54.0208 1804 HidIr - ok
22:17:54.0245 1804 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:17:54.0246 1804 HidUsb - ok
22:17:54.0269 1804 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:17:54.0270 1804 HpCISSs - ok
22:17:54.0315 1804 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:17:54.0322 1804 HTTP - ok
22:17:54.0337 1804 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:17:54.0338 1804 i2omp - ok
22:17:54.0387 1804 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:17:54.0389 1804 i8042prt - ok
22:17:54.0418 1804 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:17:54.0422 1804 iaStorV - ok
22:17:54.0463 1804 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:17:54.0464 1804 iirsp - ok
22:17:54.0569 1804 IntcAzAudAddService (b8716d9677b04b82fa405c8c54954728) C:\Windows\system32\drivers\RTKVHDA.sys
22:17:54.0635 1804 IntcAzAudAddService - ok
22:17:54.0658 1804 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:17:54.0659 1804 intelide - ok
22:17:54.0696 1804 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:17:54.0698 1804 intelppm - ok
22:17:54.0730 1804 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:17:54.0732 1804 IpFilterDriver - ok
22:17:54.0751 1804 IpInIp - ok
22:17:54.0776 1804 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:17:54.0777 1804 IPMIDRV - ok
22:17:54.0798 1804 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:17:54.0800 1804 IPNAT - ok
22:17:54.0837 1804 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:17:54.0838 1804 IRENUM - ok
22:17:54.0860 1804 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:17:54.0861 1804 isapnp - ok
22:17:54.0900 1804 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:17:54.0903 1804 iScsiPrt - ok
22:17:54.0919 1804 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:17:54.0920 1804 iteatapi - ok
22:17:54.0951 1804 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:17:54.0952 1804 iteraid - ok
22:17:54.0969 1804 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:17:54.0971 1804 kbdclass - ok
22:17:54.0998 1804 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:17:54.0999 1804 kbdhid - ok
22:17:55.0072 1804 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:17:55.0078 1804 KSecDD - ok
22:17:55.0168 1804 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
22:17:55.0169 1804 lirsgt - ok
22:17:55.0186 1804 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:17:55.0187 1804 lltdio - ok
22:17:55.0220 1804 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:17:55.0222 1804 LSI_FC - ok
22:17:55.0245 1804 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:17:55.0246 1804 LSI_SAS - ok
22:17:55.0269 1804 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:17:55.0270 1804 LSI_SCSI - ok
22:17:55.0291 1804 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:17:55.0293 1804 luafv - ok
22:17:55.0378 1804 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
22:17:55.0380 1804 LVPr2Mon - ok
22:17:55.0424 1804 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:17:55.0425 1804 megasas - ok
22:17:55.0472 1804 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:17:55.0480 1804 MegaSR - ok
22:17:55.0521 1804 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:17:55.0522 1804 Modem - ok
22:17:55.0544 1804 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:17:55.0545 1804 monitor - ok
22:17:55.0567 1804 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:17:55.0568 1804 mouclass - ok
22:17:55.0591 1804 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:17:55.0593 1804 mouhid - ok
22:17:55.0619 1804 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:17:55.0621 1804 MountMgr - ok
22:17:55.0657 1804 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:17:55.0659 1804 mpio - ok
22:17:55.0683 1804 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:17:55.0685 1804 mpsdrv - ok
22:17:55.0714 1804 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:17:55.0715 1804 Mraid35x - ok
22:17:55.0767 1804 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:17:55.0769 1804 MRxDAV - ok
22:17:55.0801 1804 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:17:55.0803 1804 mrxsmb - ok
22:17:55.0869 1804 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:17:55.0873 1804 mrxsmb10 - ok
22:17:55.0886 1804 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:17:55.0888 1804 mrxsmb20 - ok
22:17:55.0926 1804 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
22:17:55.0928 1804 msahci - ok
22:17:55.0961 1804 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:17:55.0963 1804 msdsm - ok
22:17:56.0004 1804 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:17:56.0005 1804 Msfs - ok
22:17:56.0042 1804 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:17:56.0044 1804 msisadrv - ok
22:17:56.0093 1804 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:17:56.0094 1804 MSKSSRV - ok
22:17:56.0114 1804 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:17:56.0116 1804 MSPCLOCK - ok
22:17:56.0144 1804 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:17:56.0145 1804 MSPQM - ok
22:17:56.0205 1804 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:17:56.0207 1804 MsRPC - ok
22:17:56.0253 1804 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:17:56.0255 1804 mssmbios - ok
22:17:56.0278 1804 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:17:56.0279 1804 MSTEE - ok
22:17:56.0298 1804 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:17:56.0300 1804 Mup - ok
22:17:56.0376 1804 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:17:56.0378 1804 NativeWifiP - ok
22:17:56.0453 1804 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:17:56.0460 1804 NDIS - ok
22:17:56.0495 1804 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:17:56.0497 1804 NdisTapi - ok
22:17:56.0524 1804 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:17:56.0525 1804 Ndisuio - ok
22:17:56.0567 1804 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:17:56.0570 1804 NdisWan - ok
22:17:56.0600 1804 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:17:56.0601 1804 NDProxy - ok
22:17:56.0652 1804 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:17:56.0653 1804 NetBIOS - ok
22:17:56.0710 1804 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:17:56.0712 1804 netbt - ok
22:17:56.0757 1804 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:17:56.0759 1804 nfrd960 - ok
22:17:56.0848 1804 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:17:56.0849 1804 Npfs - ok
22:17:56.0868 1804 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:17:56.0869 1804 nsiproxy - ok
22:17:56.0990 1804 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:17:57.0021 1804 Ntfs - ok
22:17:57.0044 1804 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:17:57.0046 1804 ntrigdigi - ok
22:17:57.0289 1804 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
22:17:57.0291 1804 NuidFltr - ok
22:17:57.0310 1804 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:17:57.0311 1804 Null - ok
22:17:57.0375 1804 NVENETFD (adb84b1e6b837c45443aa25abe9e7012) C:\Windows\system32\DRIVERS\nvmfdx32.sys
22:17:57.0409 1804 NVENETFD - ok
22:17:57.0452 1804 NVHDA (faa22e6256d9fa2c7f77b67c68cdd749) C:\Windows\system32\drivers\nvhda32v.sys
22:17:57.0454 1804 NVHDA - ok
22:17:57.0696 1804 nvlddmkm (cd10cf6c0200a6fe2f9ed9747ba123a1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:17:57.0827 1804 nvlddmkm - ok
22:17:57.0865 1804 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:17:57.0867 1804 nvraid - ok
22:17:57.0902 1804 nvsmu (af1bd777af00e96c45c77192d7453369) C:\Windows\system32\DRIVERS\nvsmu.sys
22:17:57.0904 1804 nvsmu - ok
22:17:57.0931 1804 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:17:57.0932 1804 nvstor - ok
22:17:57.0976 1804 nvstor32 (8ee374b6fb3cb2bb8d70395218b464a5) C:\Windows\system32\DRIVERS\nvstor32.sys
22:17:57.0979 1804 nvstor32 - ok
22:17:58.0008 1804 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:17:58.0010 1804 nv_agp - ok
22:17:58.0022 1804 NwlnkFlt - ok
22:17:58.0038 1804 NwlnkFwd - ok
22:17:58.0080 1804 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:17:58.0082 1804 ohci1394 - ok
22:17:58.0145 1804 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:17:58.0146 1804 Parport - ok
22:17:58.0196 1804 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:17:58.0198 1804 partmgr - ok
22:17:58.0221 1804 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:17:58.0223 1804 Parvdm - ok
22:17:58.0266 1804 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:17:58.0268 1804 pci - ok
22:17:58.0290 1804 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
22:17:58.0291 1804 pciide - ok
22:17:58.0319 1804 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:17:58.0321 1804 pcmcia - ok
22:17:58.0373 1804 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:17:58.0392 1804 PEAUTH - ok
22:17:58.0490 1804 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\Windows\system32\DRIVERS\LV561AV.SYS
22:17:58.0499 1804 PID_0928 - ok
22:17:58.0635 1804 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:17:58.0636 1804 PptpMiniport - ok
22:17:58.0665 1804 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:17:58.0667 1804 Processor - ok
22:17:58.0734 1804 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:17:58.0736 1804 PSched - ok
22:17:58.0765 1804 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
22:17:58.0766 1804 PxHelp20 - ok
22:17:58.0826 1804 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:17:58.0859 1804 ql2300 - ok
22:17:58.0879 1804 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:17:58.0881 1804 ql40xx - ok
22:17:58.0914 1804 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:17:58.0916 1804 QWAVEdrv - ok
22:17:58.0932 1804 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:17:58.0933 1804 RasAcd - ok
22:17:58.0955 1804 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:17:58.0957 1804 Rasl2tp - ok
22:17:59.0015 1804 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:17:59.0017 1804 RasPppoe - ok
22:17:59.0056 1804 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:17:59.0058 1804 RasSstp - ok
22:17:59.0108 1804 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:17:59.0112 1804 rdbss - ok
22:17:59.0136 1804 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:17:59.0137 1804 RDPCDD - ok
22:17:59.0175 1804 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:17:59.0178 1804 rdpdr - ok
22:17:59.0191 1804 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:17:59.0193 1804 RDPENCDD - ok
22:17:59.0233 1804 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:17:59.0236 1804 RDPWD - ok
22:17:59.0298 1804 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:17:59.0300 1804 rspndr - ok
22:17:59.0325 1804 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
22:17:59.0326 1804 RTSTOR - ok
22:17:59.0357 1804 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:17:59.0359 1804 sbp2port - ok
22:17:59.0406 1804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:17:59.0407 1804 secdrv - ok
22:17:59.0436 1804 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:17:59.0437 1804 Serenum - ok
22:17:59.0475 1804 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:17:59.0477 1804 Serial - ok
22:17:59.0500 1804 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:17:59.0501 1804 sermouse - ok
22:17:59.0541 1804 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:17:59.0542 1804 sffdisk - ok
22:17:59.0567 1804 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:17:59.0568 1804 sffp_mmc - ok
22:17:59.0592 1804 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:17:59.0593 1804 sffp_sd - ok
22:17:59.0607 1804 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:17:59.0609 1804 sfloppy - ok
22:17:59.0642 1804 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:17:59.0644 1804 sisagp - ok
22:17:59.0661 1804 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:17:59.0663 1804 SiSRaid2 - ok
22:17:59.0688 1804 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:17:59.0689 1804 SiSRaid4 - ok
22:17:59.0764 1804 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:17:59.0766 1804 Smb - ok
22:17:59.0819 1804 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:17:59.0820 1804 spldr - ok
22:17:59.0866 1804 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:17:59.0872 1804 srv - ok
22:17:59.0904 1804 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:17:59.0906 1804 srv2 - ok
22:17:59.0933 1804 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:17:59.0935 1804 srvnet - ok
22:17:59.0992 1804 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:17:59.0994 1804 ssmdrv - ok
22:18:00.0056 1804 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:18:00.0057 1804 swenum - ok
22:18:00.0099 1804 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:18:00.0100 1804 Symc8xx - ok
22:18:00.0118 1804 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:18:00.0119 1804 Sym_hi - ok
22:18:00.0143 1804 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:18:00.0145 1804 Sym_u3 - ok
22:18:00.0177 1804 SynTP (be78198c69135ef1fa157e08fd5c90ff) C:\Windows\system32\DRIVERS\SynTP.sys
22:18:00.0180 1804 SynTP - ok
22:18:00.0253 1804 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:18:00.0272 1804 Tcpip - ok
22:18:00.0312 1804 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:18:00.0322 1804 Tcpip6 - ok
22:18:00.0360 1804 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:18:00.0362 1804 tcpipreg - ok
22:18:00.0397 1804 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:18:00.0399 1804 TDPIPE - ok
22:18:00.0424 1804 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:18:00.0425 1804 TDTCP - ok
22:18:00.0489 1804 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:18:00.0491 1804 tdx - ok
22:18:00.0535 1804 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:18:00.0537 1804 TermDD - ok
22:18:00.0578 1804 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:18:00.0580 1804 tssecsrv - ok
22:18:00.0603 1804 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:18:00.0604 1804 tunmp - ok
22:18:00.0649 1804 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:18:00.0650 1804 tunnel - ok
22:18:00.0670 1804 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:18:00.0672 1804 uagp35 - ok
22:18:00.0733 1804 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:18:00.0737 1804 udfs - ok
22:18:00.0771 1804 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:18:00.0773 1804 uliagpkx - ok
22:18:00.0800 1804 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:18:00.0805 1804 uliahci - ok
22:18:00.0828 1804 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:18:00.0830 1804 UlSata - ok
22:18:00.0870 1804 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:18:00.0872 1804 ulsata2 - ok
22:18:00.0895 1804 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:18:00.0897 1804 umbus - ok
22:18:00.0976 1804 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
22:18:00.0978 1804 USBAAPL - ok
22:18:01.0021 1804 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:18:01.0023 1804 usbccgp - ok
22:18:01.0054 1804 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:18:01.0056 1804 usbcir - ok
22:18:01.0085 1804 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:18:01.0087 1804 usbehci - ok
22:18:01.0123 1804 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:18:01.0125 1804 usbhub - ok
22:18:01.0161 1804 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
22:18:01.0163 1804 usbohci - ok
22:18:01.0189 1804 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
22:18:01.0190 1804 usbprint - ok
22:18:01.0217 1804 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:18:01.0219 1804 USBSTOR - ok
22:18:01.0244 1804 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:18:01.0246 1804 usbuhci - ok
22:18:01.0299 1804 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:18:01.0301 1804 usbvideo - ok
22:18:01.0333 1804 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:18:01.0334 1804 vga - ok
22:18:01.0358 1804 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:18:01.0359 1804 VgaSave - ok
22:18:01.0382 1804 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:18:01.0384 1804 viaagp - ok
22:18:01.0405 1804 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:18:01.0406 1804 ViaC7 - ok
22:18:01.0433 1804 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:18:01.0434 1804 viaide - ok
22:18:01.0477 1804 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:18:01.0479 1804 volmgr - ok
22:18:01.0534 1804 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:18:01.0539 1804 volmgrx - ok
22:18:01.0591 1804 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:18:01.0594 1804 volsnap - ok
22:18:01.0636 1804 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:18:01.0639 1804 vsmraid - ok
22:18:01.0675 1804 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:18:01.0676 1804 WacomPen - ok
22:18:01.0696 1804 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:18:01.0698 1804 Wanarp - ok
22:18:01.0719 1804 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:18:01.0721 1804 Wanarpv6 - ok
22:18:01.0756 1804 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:18:01.0757 1804 Wd - ok
22:18:01.0798 1804 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:18:01.0805 1804 Wdf01000 - ok
22:18:01.0893 1804 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:18:01.0895 1804 WmiAcpi - ok
22:18:01.0964 1804 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:18:01.0966 1804 WpdUsb - ok
22:18:01.0992 1804 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:18:01.0993 1804 ws2ifsl - ok
22:18:02.0046 1804 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:18:02.0048 1804 WUDFRd - ok
22:18:02.0094 1804 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
22:18:02.0095 1804 XUIF - ok
22:18:02.0220 1804 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\HomeCinema\PlayMovie\000.fcl
22:18:02.0221 1804 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
22:18:02.0405 1804 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\HomeCinema\PowerDVD8\000.fcl
22:18:02.0406 1804 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
22:18:02.0430 1804 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:18:02.0502 1804 \Device\Harddisk0\DR0 - ok
22:18:02.0508 1804 Boot (0x1200) (a1003dd3ff05d2edf2ccf93d049c381f) \Device\Harddisk0\DR0\Partition0
22:18:02.0509 1804 \Device\Harddisk0\DR0\Partition0 - ok
22:18:02.0554 1804 Boot (0x1200) (6f9846175cb6c258007fb98eac3fe9df) \Device\Harddisk0\DR0\Partition1
22:18:02.0554 1804 \Device\Harddisk0\DR0\Partition1 - ok
22:18:02.0555 1804 ============================================================
22:18:02.0555 1804 Scan finished
22:18:02.0555 1804 ============================================================
22:18:02.0573 1664 Detected object count: 0
22:18:02.0573 1664 Actual detected object count: 0
MfG Jörg |
|
20.01.2012, 11:43
| #9 |
| | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hi, ja, sieht ok aus... Falls keine sonstigen Symptome (Umleitungen, sich öffnende Browserfenster etc.) auftauchen, sollten wir durch sein... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
20.01.2012, 14:34
| #10 | |
| | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Ok, super vielen Dank Chris, ohne deine Hilfe hätte ich das nie in den Griff bekommen.  Ein paar Fragen hab ich aber noch: 1. Was mache ich hier? Zitat:
3. Die von ESET in Quarantäne verschobenen Dateien, was passiert mit denen? Babylon Toolbar ist Schrott, das ist klar, aber was ist mit dem Rest? Braucht man das noch? Ich hoffe, das war´s dann endgültig. Nochmals vielen Dank für deine Bemühungen MfG Jörg |
|
20.01.2012, 16:47
| #11 |
| | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hi, kann gelöscht werden (das von ESET); Für eine "rückstandsfreie Entfernung" von ESET kann der Eintrag mit HJ entfernt werden (muß aber nicht)... Defogger kann gelösch twerden... Gruß, chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
26.01.2012, 15:11
| #12 |
| | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Sieht soweit alles gut aus, keine ungewöhnlichen Meldungen mehr. Das sollte es gewesen sein. Vielen Dank für deine Hilfe Chris, allein hätte ich das niemals hinbekommen. Nun will ich mal hoffen, dass mir so ein "Schnupfen" in Zukunft erspart bleibt. LG Jörg |
|
| Themen zu Aus Sicherheitsgründen wurde ihr Windowssystem blockiert |
| abbruch, autorun, avira, babylon, babylon toolbar, babylontoolbar, bho, bildschirm, blockiert, bonjour, curse, error, excel, firefox, flash player, format, home, install.exe, installation, intranet, metin2, microsoft office word, monkey island, mozilla thunderbird, object, plug-in, realtek, registry, rundll, scan, search the web, senden, software, svchost.exe, udp, usb 2.0, version=1.0, vista, windows, wurde ihr |
Linear-Darstellung
