Log Analysis and Evaluation: BKA-trojaner, ukash (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.01.2012, 18:19 | #1
BKA-trojaner, ukash
Hello, I have now also been hit by the BKA trojan, which seems to be very common at the moment. Having now read up on the subject, it doesn't surprise me, because I hadn't done much about virus protection so far. When the virus appeared I did some quick reading and simply ran a system restore from safe mode. That fixed the problem, but not the cause. I then ran a check with Malwarebytes and ESET and quite a lot was found. I haven't done a scan with Malwarebytes before, so this is the only log. I also deleted the viruses with Malwarebytes; I hope that wasn't a mistake.
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.17.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19170
leon :: LEON-PC [Administrator]

17.01.2012 13:57:29
mbam-log-2012-01-17 (13-57-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 478146
Laufzeit: 1 Stunde(n), 27 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\3a9fcf3b-7751dba7 (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.3598520040292984.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.5324901587758533.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.5594577602595693.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.6317527163818346.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.691575840140897.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=78f9628f4f3f664398b5bc9b02a2a5ab
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-17 02:49:32
# local_time=2012-01-17 03:49:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 262301 101708319 319747 0
# compatibility_mode=5892 16776573 100 56 4255 164335661 0 0
# compatibility_mode=8192 67108863 100 0 4048 4048 0 0
# scanned=84
# found=0
# cleaned=0
# scan_time=17
ESETSmartInstaller@High as downloader log: all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=78f9628f4f3f664398b5bc9b02a2a5ab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-17 04:26:30
# local_time=2012-01-17 05:26:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 262337 101708355 319783 0
# compatibility_mode=5892 16776573 100 56 4291 164335697 0 0
# compatibility_mode=8192 67108863 100 0 4084 4084 0 0
# scanned=334329
# found=14
# cleaned=0
# scan_time=5799
C:\Users\leon\AppData\Local\Temp\jar_cache5993408437794125822.tmp Java/Exploit.CVE-2011-3544.U trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\Local\Temp\jar_cache6841442664753669831.tmp Java/Exploit.CVE-2010-0840.AG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\Local\Temp\SetupDataMngr_iMesh.exe a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\78864d5d-51231ee2 Java/Agent.DU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\7e7c695f-76b07f25 Java/Agent.DS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-6447b881 a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-651c7868 a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-6821afc0 a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-6b21fd08 a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-7c8a5794 a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-7dd6becb a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\1e80933c-179f759e a variant of Win32/Kryptik.TON trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\20ac123c-69ccc47a Java/Exploit.CVE-2011-3544.Y trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I

Regards, Leon
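An added example, not part of this thread and not a trojaner-board tool: a Python parser for the Malwarebytes and ESET detection lines posted above. It buckets each hit by where the file sat (Java deployment cache, %TEMP% drop files, Downloads), pulls the CVE identifiers out of the ESET detection names, and lists what a scanner reported but did not remove, which is the first thing a helper wants to know from such a log. The sample lines are copied from the logs in this post; the field layout and the location patterns are assumptions derived from those lines.

```python
import re
from collections import Counter

# Sample detection lines copied from the Malwarebytes and ESET logs posted in this
# thread, as they appear on the page (whitespace-separated). Constructed test input.
MBAM_SAMPLE = r"""
Infizierte Dateien: 6
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\3a9fcf3b-7751dba7 (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.3598520040292984.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.5324901587758533.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.5594577602595693.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.6317527163818346.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.691575840140897.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""

ESET_SAMPLE = r"""
# found=14
C:\Users\leon\AppData\Local\Temp\jar_cache5993408437794125822.tmp Java/Exploit.CVE-2011-3544.U trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\Local\Temp\jar_cache6841442664753669831.tmp Java/Exploit.CVE-2010-0840.AG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\Local\Temp\SetupDataMngr_iMesh.exe a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\78864d5d-51231ee2 Java/Agent.DU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-6447b881 a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\1e80933c-179f759e a variant of Win32/Kryptik.TON trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\leon\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I
"""

# Malwarebytes: "<path> (<detection>) -> <action taken>"  (layout assumed from the post)
MBAM_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

# ESET Online Scanner: "<path> <detection name> (<status>) <32-hex hash> <flag>",
# matched on any whitespace so tab- or space-separated lines both parse (layout assumed).
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?\S+\s+\S+)\s+"
    r"\((?P<status>[^()]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>[A-Z])$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Where the detections in this thread sit: Java's applet cache, %TEMP% drop files, Downloads.
LOCATION_RULES = (
    ("java_cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)),
    ("temp", re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)),
    ("downloads", re.compile(r"\\Downloads\\", re.IGNORECASE)),
)

def classify_location(path):
    """Bucket a detected file by the directory it was found in."""
    for name, pattern in LOCATION_RULES:
        if pattern.search(path):
            return name
    return "other"

def parse_mbam_log(text):
    """Return one dict per Malwarebytes detection line; header/footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue
        action = m.group("action")
        # Malwarebytes reports what it did; German and English wording are both common.
        cleaned = any(k in action for k in ("gelöscht", "Quarantäne", "deleted", "quarantined"))
        entries.append({"path": m.group("path"), "detection": m.group("detection"),
                        "cleaned": cleaned, "location": classify_location(m.group("path"))})
    return entries

def parse_eset_log(text):
    """Return one dict per ESET detection line; the '# key=value' header is skipped."""
    entries = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if not m:
            continue
        entries.append({"path": m.group("path"), "detection": m.group("detection"),
                        "cleaned": m.group("status").lower() != "unable to clean",
                        "location": classify_location(m.group("path"))})
    return entries

def summarize(entries):
    """Group detections by location, collect the CVE ids named in the detections,
    and list the files the scanner reported but did not remove."""
    return {
        "total": len(entries),
        "by_location": Counter(e["location"] for e in entries),
        "cves": sorted({cve for e in entries for cve in CVE_RE.findall(e["detection"])}),
        "not_cleaned": [e["path"] for e in entries if not e["cleaned"]],
    }

if __name__ == "__main__":
    for name, entries in (("Malwarebytes", parse_mbam_log(MBAM_SAMPLE)),
                          ("ESET", parse_eset_log(ESET_SAMPLE))):
        s = summarize(entries)
        print(f"{name}: {s['total']} detections, by location: {dict(s['by_location'])}")
        print(f"  CVEs referenced: {', '.join(s['cves']) or 'none'}; "
              f"still on disk (not cleaned): {len(s['not_cleaned'])}")
```

On the sample above the ESET summary names three CVEs and reports all seven files as still present, while every Malwarebytes hit is marked as quarantined, which matches the poster's statement that Malwarebytes removed what it found.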
18.01.2012, 20:37 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
BKA-trojaner, ukash
Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, the logs of all previous scans are listed in the Logdateien (log files) tab. Please post all of the ones visible there.
18.01.2012, 23:10 | #3
BKA-trojaner, ukash
Hello,
no, it was the first time I used Malwarebytes; the log above is the only one in that tab.
Regards
19.01.2012, 10:17 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
BKA-trojaner, ukash
Please make a new OTL log. Please post everything here in CODE tags wherever possible. This is how it's done:
[code] the log goes here [/code]
And it then looks like this:
Code:
the log goes here

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Please always post logfiles in CODE tags
19.01.2012, 15:59 | #5
BKA-trojaner, ukash
Here is the OTL log
Code:
OTL logfile created on: 19.01.2012 15:37:23 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\leon\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 68,73% Memory free
8,21 Gb Paging File | 6,73 Gb Available in Paging File | 81,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 623,89 Gb Total Space | 351,39 Gb Free Space | 56,32% Space Free | Partition Type: NTFS
Drive I: | 244,14 Gb Total Space | 243,95 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive M: | 48,83 Gb Total Space | 47,51 Gb Free Space | 97,31% Space Free | Partition Type: NTFS

Computer Name: LEON-PC | User Name: leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.19 15:33:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\leon\Downloads\OTL.exe
PRC - [2011.08.10 17:40:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.08.10 17:40:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.03 18:39:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.04 17:21:17 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.03.09 04:19:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- M:\Java\bin\jucheck.exe
PRC - [2009.03.09 04:19:17 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- M:\Java\bin\jusched.exe
PRC - [2008.07.07 15:26:28 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2007.09.10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008.01.21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- M:\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.08.10 17:40:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.08.10 17:40:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.04 17:21:17 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.17 01:39:00 | 002,736,890 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2008.10.21 13:00:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2007.09.10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.08.10 17:40:31 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.08.10 17:40:31 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.07.27 08:14:24 | 006,465,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2010.06.10 00:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.03 16:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2008.10.17 10:00:00 | 000,179,768 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd3kfNt.sys -- (Mkd3kfNt)
DRV:64bit: - [2008.10.17 10:00:00 | 000,106,040 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2008.04.16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2011.10.06 12:53:12 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\CESG502.SYS -- (PVUSB)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] () [Kernel | System | Running] -- M:\\SASDIFSV64.SYS -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] () [Kernel | System | Running] -- M:\\SASKUTIL64.SYS -- (SASKUTIL)
DRV - [2008.07.16 13:56:06 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2005.01.03 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: M:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Firefox\components [2012.01.08 19:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Firefox\plugins [2011.12.08 15:58:48 | 000,000,000 | ---D | M]

[2009.01.05 18:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leon\AppData\Roaming\mozilla\Extensions
[2012.01.07 23:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leon\AppData\Roaming\mozilla\Firefox\Profiles\vyggxc4n.default\extensions
[2009.08.31 22:11:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\leon\AppData\Roaming\mozilla\Firefox\Profiles\vyggxc4n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.12 18:53:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\leon\AppData\Roaming\mozilla\Firefox\Profiles\vyggxc4n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.08.28 13:33:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\leon\AppData\Roaming\mozilla\Firefox\Profiles\vyggxc4n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.07 23:21:35 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\leon\AppData\Roaming\mozilla\Firefox\Profiles\vyggxc4n.default\extensions\support@predictad.com

========== Chrome ==========

O1 HOSTS File: ([2010.04.27 13:28:05 | 000,000,987 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - M:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [SunJavaUpdateSched] M:\Java\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [SUPERAntiSpyware] M:\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\leon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\leon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\leon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAD1B8C9-3501-4D91-BB57-F98241E200E8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\leon\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\leon\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd482b3b-ae22-11df-b0fb-00226838a449}\Shell\AutoRun\command - "" = J:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Iolo Macro Magic.lnk - C:\PROGRA~2\Iolo\MACROM~1\Macros.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^leon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\leon\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^leon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - M:\openoffice\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: CurseClient - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - M:\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - M:\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet:
Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP 
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: 
{C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.) Drivers32: msacm.divxa32 - DivXa32.acm File not found Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.) 
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.17 18:11:46 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{A9BBAE0F-C4CF-4BD6-917C-7F163358C3DA} [2012.01.17 18:11:45 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{00D7E8ED-4324-42AD-AC0B-6D06D6C047BF} [2012.01.17 15:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.01.17 15:41:43 | 002,322,184 | ---- | C] (ESET) -- C:\Users\leon\Desktop\esetsmartinstaller_enu.exe [2012.01.17 15:33:20 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Roaming\SUPERAntiSpyware.com [2012.01.17 15:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.01.17 15:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.01.17 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Roaming\Malwarebytes [2012.01.17 13:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.17 13:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.17 13:55:32 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.01.17 13:55:32 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware [2012.01.16 21:34:32 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{6457B732-3402-4177-963B-F7647278C1C1} [2012.01.16 21:34:28 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{D7A590AF-24C4-419A-8096-90678E10CF4F} [2012.01.15 14:46:44 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{E1056E67-26D6-4079-B4DF-4680E27F7CC5} [2012.01.15 14:46:43 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{72E802B2-AD1D-4F56-878B-2D51A4763C20} [2012.01.14 15:59:24 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{00620D53-4F2E-43B9-A09D-908E1878947C} [2012.01.14 
15:59:23 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{9E7AB179-84BE-4AC0-8061-42C59E0C35DD} [2012.01.13 21:59:32 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{38D09863-AD53-40F9-A290-316F37A22587} [2012.01.13 21:59:29 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{D2A735BC-D4A4-45AE-8294-F2602BA403B1} [2012.01.12 16:06:31 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{B6FC55D3-2CB2-4829-9E03-23BA90E8AC81} [2012.01.12 16:06:29 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{6ED014EC-AF32-42B0-B3E8-02C5989AFC12} [2012.01.11 21:36:23 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{CA07D67B-35EF-4EAD-BAF7-7662394FC966} [2012.01.11 21:36:22 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{FBE98FE7-E288-49EF-AA12-4B10DC5B2153} [2012.01.10 13:44:06 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{BDE5858F-6D30-452E-A8BF-E953F1A4A9E4} [2012.01.10 13:44:05 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{20114FE2-D195-4983-A238-82028F890BDB} [2012.01.09 20:35:23 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{FA7DD910-ED07-4570-9190-408F6E5AE415} [2012.01.09 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{01ED3C02-77B2-4D0E-B9D5-7F7DFA34BB82} [2012.01.08 15:47:16 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{DA4B7037-17AA-4B33-B3CC-EF06627DE409} [2012.01.08 15:47:16 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{85D32734-5F32-4904-9A1A-E51171E343A2} [2012.01.07 23:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutocompletePro [2012.01.07 12:21:10 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{8F971144-EC72-41AB-967B-F937086EF683} [2012.01.07 12:21:09 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{63AA0E16-7959-4D2C-91BC-6308E198F6DD} [2012.01.06 20:14:27 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{7FD660EE-61F3-4F26-BA95-108B005BCC45} [2012.01.06 20:14:25 | 000,000,000 | ---D | C] -- 
C:\Users\leon\AppData\Local\{58B03D49-03D4-490F-911B-0BE70C25DFCC} [2012.01.05 16:31:35 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{28263EFA-6E91-44C6-B22D-29C45B5674D4} [2012.01.05 16:31:34 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{F842BFEF-88C6-404A-85F6-851756EE56A8} [2012.01.04 21:36:00 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{E5895A2C-3AED-421D-9B74-31562219DADC} [2012.01.04 21:35:58 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{A33D24E0-03A5-45F3-B353-FDEB2412A48F} [2012.01.03 15:35:12 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{03C1D324-AEFA-478E-8998-93CB9A592611} [2012.01.03 15:35:11 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{52A8F511-45E3-431C-BA3C-95B47F40F612} [2012.01.02 21:25:26 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{A0DAD41F-98B9-410B-8817-C3B4CD56CAAC} [2012.01.02 21:25:24 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{AD435F79-E78F-4162-97E5-C0D0B5CD8A2A} [2012.01.01 16:41:22 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{06C9D5A7-944A-4753-9237-35F82262BC2A} [2012.01.01 16:41:19 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{214318B9-773A-4C25-A9B3-C5D7CB17F26A} [2011.12.31 14:57:33 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{6C8951DA-0E39-401A-BAAA-221943182F37} [2011.12.31 14:57:32 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{14C3FCC4-86ED-49A0-8311-221498620D9F} [2011.12.30 15:25:06 | 000,000,000 | ---D | C] -- C:\Users\leon\Desktop\Neuer Ordner (2) [2011.12.30 14:55:31 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{F85A8F06-0C42-4474-91EF-FF71C55CB132} [2011.12.30 14:55:30 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{58C65D32-7A77-45B2-8A2A-39F5A79559CE} [2011.12.22 11:21:20 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{FD1E03CF-A038-458B-8DD9-7647875C48EE} [2011.12.22 11:21:18 | 000,000,000 | ---D | C] -- 
C:\Users\leon\AppData\Local\{33C84E4F-FDDB-4620-B4C5-B8705089A04D} [2011.12.21 16:09:38 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{CDBF2151-5AC3-44B7-BA4C-63551E842D20} [2011.12.21 16:09:37 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{69E463B5-6C80-412C-8B0E-A0CF7997FA6A} [2011.12.21 00:54:14 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{14184F0B-5F86-40C7-9B55-A6848195DC53} [2011.12.21 00:54:13 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{11A18BD6-2A73-4146-B3CF-85DCA5D0EA4F} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\leon\*.tmp files -> C:\Users\leon\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.19 15:40:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.19 15:30:39 | 001,458,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.19 15:30:39 | 000,633,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.19 15:30:39 | 000,599,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.19 15:30:39 | 000,128,784 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.19 15:30:39 | 000,105,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.19 15:27:10 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.19 15:24:13 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.01.19 15:24:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2012.01.19 15:24:00 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.19 15:24:00 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.19 15:23:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.19 15:23:52 | 4293,120,000 | -HS- | M] () -- C:\hiberfil.sys [2012.01.17 15:41:44 | 
002,322,184 | ---- | M] (ESET) -- C:\Users\leon\Desktop\esetsmartinstaller_enu.exe [2012.01.17 15:26:56 | 000,000,307 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.01.09 23:24:21 | 000,000,959 | ---- | M] () -- C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.01.09 20:35:19 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.12.30 15:33:53 | 000,066,048 | ---- | M] () -- C:\Users\leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\leon\*.tmp files -> C:\Users\leon\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.17 15:26:56 | 000,000,307 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.01.17 13:43:09 | 4293,120,000 | -HS- | C] () -- C:\hiberfil.sys [2012.01.09 23:24:21 | 000,000,959 | ---- | C] () -- C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.15 19:19:16 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2011.10.06 12:54:11 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\tcdl2.dll [2011.10.06 12:54:11 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\ctsn32.dll [2011.09.18 15:02:10 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2010.07.27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2010.07.27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2010.07.27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2010.07.25 16:45:40 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.01.04 17:21:25 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.01.04 17:21:17 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.01.02 20:01:53 | 000,000,000 | ---- | C] () -- C:\Windows\scummvm.ini [2009.12.03 14:27:30 | 000,117,248 | ---- | C] () -- 
C:\Windows\SysWow64\EhStorAuthn.dll [2009.12.03 14:27:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.12.03 14:26:44 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.11.27 16:51:20 | 000,000,680 | ---- | C] () -- C:\Users\leon\AppData\Local\d3d9caps.dat [2009.04.12 01:45:03 | 000,000,552 | ---- | C] () -- C:\Users\leon\AppData\Local\d3d8caps.dat [2009.03.29 20:05:38 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini [2009.02.08 15:10:47 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2009.02.08 15:10:47 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2009.02.08 15:10:47 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2009.01.06 23:22:54 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2009.01.06 15:36:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.01.05 21:36:30 | 000,024,226 | ---- | C] () -- C:\Users\leon\AppData\Roaming\UserTile.png [2009.01.05 20:47:31 | 000,066,048 | ---- | C] () -- C:\Users\leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.05 18:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.10.21 13:08:41 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2008.10.21 12:59:06 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2005.04.06 16:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2005.04.06 16:24:40 | 001,216,512 | ---- | C] () -- 
C:\Windows\SysWow64\xvidcore.dll [2002.10.12 15:41:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini [2002.05.24 00:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\lockout.dll [2002.05.24 00:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\lockres.dll [2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll [2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll [2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll [2001.08.31 14:33:58 | 000,425,984 | ---- | C] () -- C:\Windows\SysWow64\VxDMDcDlg.dll ========== LOP Check ========== [2009.01.06 00:02:34 | 000,000,000 | -HSD | M] -- C:\Users\leon\AppData\Roaming\.# [2010.12.31 13:44:28 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Audio Record Edit Toolbox [2010.11.06 21:03:14 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Audio Recorder for Free 2010 [2012.01.19 15:28:24 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Dropbox [2011.08.28 13:34:08 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\DVDVideoSoft [2011.08.28 13:33:54 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.15 20:21:15 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\ICQ [2011.09.07 16:11:55 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\IrfanView [2010.05.31 10:11:06 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\LolClient [2010.03.04 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2009.02.08 12:14:49 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\OpenArena [2009.05.25 19:15:15 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\OpenOffice.org [2010.01.26 13:59:34 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\PacificPoker 
[2009.02.22 18:32:51 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Packard Bell [2009.01.05 21:36:30 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\PeerNetworking [2009.06.15 18:05:12 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\ScummVM [2010.04.23 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\TS3Client [2011.08.27 17:41:49 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Ubisoft [2011.08.27 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\uTorrent [2009.06.30 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\VERITAS [2011.08.28 21:21:24 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Windows Live Writer [2011.12.12 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\xm1 [2012.01.18 23:49:47 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2009.01.06 00:02:34 | 000,000,000 | -HSD | M] -- C:\Users\leon\AppData\Roaming\.# [2011.09.07 16:08:38 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Adobe [2011.08.24 18:13:01 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Apple Computer [2010.12.31 13:44:28 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Audio Record Edit Toolbox [2010.11.06 21:03:14 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Audio Recorder for Free 2010 [2011.04.03 18:35:32 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Avira [2010.08.03 19:58:03 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\DivX [2012.01.19 15:28:24 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Dropbox [2011.11.23 21:48:50 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\dvdcss [2011.08.28 13:34:08 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\DVDVideoSoft [2011.08.28 13:33:54 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.15 20:21:15 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\ICQ [2009.01.05 18:44:29 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Identities [2011.09.07 16:11:55 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\IrfanView [2010.05.31 10:11:06 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\LolClient [2010.03.04 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2009.01.05 18:48:46 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Macromedia [2012.01.17 13:55:49 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Malwarebytes [2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Media Center Programs [2011.10.06 12:54:06 | 000,000,000 | --SD | M] -- C:\Users\leon\AppData\Roaming\Microsoft [2011.12.13 15:14:41 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\MiKTeX [2009.01.05 18:59:29 | 
000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Mozilla [2009.02.08 12:14:49 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\OpenArena [2009.05.25 19:15:15 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\OpenOffice.org [2010.01.26 13:59:34 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\PacificPoker [2009.02.22 18:32:51 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Packard Bell [2009.01.05 21:36:30 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\PeerNetworking [2009.06.15 18:05:12 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\ScummVM [2011.11.18 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Skype [2011.08.29 16:17:17 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\skypePM [2010.08.09 12:14:52 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Sun [2012.01.17 15:33:20 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\SUPERAntiSpyware.com [2009.01.05 18:45:03 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Symantec [2010.08.10 19:24:10 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\teamspeak2 [2010.04.23 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\TS3Client [2011.08.27 17:41:49 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Ubisoft [2011.08.27 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\uTorrent [2010.06.06 14:44:08 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Ventrilo [2009.06.30 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\VERITAS [2009.04.01 19:05:34 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\vlc [2011.08.28 21:21:24 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Windows Live Writer [2009.01.06 15:48:04 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\WinRAR [2011.12.12 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\xm1 < %APPDATA%\*.exe /s > [2011.09.02 
01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\leon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\leon\AppData\Roaming\Dropbox\bin\Uninstall.exe [2010.03.04 18:23:56 | 000,038,784 | ---- | M] () -- C:\Users\leon\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.10.06 12:54:06 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\leon\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\ARPPRODUCTICON.exe [2011.10.06 12:54:06 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\leon\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut1_71F205E9C01C47C5B0298AAC14AF03F1.exe [2011.10.06 12:54:06 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\leon\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut2_71F205E9C01C47C5B0298AAC14AF03F1.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- 
C:\Windows\SysNative\drivers\atapi.sys [2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys [2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll [2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- 
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll [2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 
C:\Windows\SysWOW64\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
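The "< MD5 for: ... >" block at the end of the OTL log above is OTL hashing the logon-path binaries (userinit.exe, winlogon.exe, user32.dll and the others) as they sit in System32/SysNative/SysWOW64 and as every copy in the WinSxS component store; a clean live file hashes identically to one of its WinSxS copies, because on Vista/7 the System32 file is the same component as the store copy. The script below is an added example for that review step; it is not part of the thread and not part of OTL. It parses the entry format shown in the log above (the embedded sample is an excerpt of that log, cut down to three files), assumes %SystemRoot% is C:\Windows as it is here, and flags a live copy whose MD5 no WinSxS copy shares, a same-named file outside %SystemRoot%, a file OTL could not hash, and a live file with no publisher name.

```python
"""Cross-check the '< MD5 for: ... >' section of an OTL log.

Added example (not OTL's own code): parse OTL's hash listing for the
logon-path binaries and report the copies a reviewer should look at.
The entry format is taken from the log posted in this thread.
"""
import re

HEADER = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)

# Excerpt of the OTL log posted above (three of its MD5 sections), one entry per line.
SAMPLE_OTL = r"""
< MD5 for: USERINIT.EXE >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: USER32.DLL >
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
"""


def parse_md5_sections(text):
    """Map lower-cased file name -> list of entry dicts, one per hashed copy."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER.match(line)
        if h:
            current = h.group("name").lower()
            sections.setdefault(current, [])
            continue
        e = ENTRY.match(line)
        if e and current is not None:
            sections[current].append({
                "path": e.group("path"),
                "size": int(e.group("size").replace(",", "")),
                "company": e.group("company"),
                # None when OTL printed "Unable to obtain MD5"
                "md5": (e.group("md5") or "").upper() or None,
            })
    return sections


def review(sections, windir=r"C:\Windows"):
    """Return (file name, path, reason) triples a reviewer should look at.

    The WinSxS copies are the baseline: a live copy under %SystemRoot% is fine
    when its MD5 equals that of at least one WinSxS copy of the same file.
    """
    root = windir.lower().rstrip("\\") + "\\"
    findings = []
    for name, entries in sections.items():
        winsxs_hashes = {e["md5"] for e in entries
                         if "\\winsxs\\" in e["path"].lower() and e["md5"]}
        for e in entries:
            p = e["path"].lower()
            if not p.startswith(root):
                findings.append((name, e["path"], "copy outside %SystemRoot%"))
                continue
            if "\\winsxs\\" in p:
                continue  # component store copies are the baseline, not the subject
            if e["md5"] is None:
                findings.append((name, e["path"], "OTL could not hash it; verify manually"))
            elif e["md5"] not in winsxs_hashes:
                findings.append((name, e["path"], "no WinSxS copy has this hash"))
            if not e["company"]:
                findings.append((name, e["path"], "no publisher name in version info"))
    return findings


if __name__ == "__main__":
    for name, path, reason in review(parse_md5_sections(SAMPLE_OTL)):
        print(f"{name:14} {reason:40} {path}")
```

On the excerpt it reports exactly two lines to look at: the winlogon.exe under C:\Malwarebytes' Anti-Malware\Chameleon, flagged only because it lives outside %SystemRoot% (it also carries no publisher name), and the SysNative user32.dll that OTL could not hash. Every other live copy hashes identically to a WinSxS copy. MD5 is adequate for spotting a patched system file in a log like this; it is not a defence against an attacker who can replace both the live file and the store copy.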
19.01.2012, 21:20 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™
BKA-trojaner, ukash

Run an OTL fix: close any programs that may be open, disable the antivirus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL) (the ":OTL" must be copied along!!!):
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd482b3b-ae22-11df-b0fb-00226838a449}\Shell\AutoRun\command - "" = J:\Menu.exe
MsConfig:64bit - StartUpReg: CurseClient - hkey= - key= - File not found
[2012.01.07 23:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutocompletePro
[2009.01.06 00:02:34 | 000,000,000 | -HSD | M] -- C:\Users\leon\AppData\Roaming\.#
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely: a backup copy is created on the system partition in the folder "_OTL". Note: the above script was written for this one user in this situation only. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
19.01.2012, 21:41 | #7 |
BKA-trojaner, ukash

Hello, the fix has been carried out. At the start it gave me an error message saying there is no disk in drive H. I clicked Cancel; the rest was, as far as I can see, executed properly. Thanks
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd482b3b-ae22-11df-b0fb-00226838a449}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd482b3b-ae22-11df-b0fb-00226838a449}\ not found.
File J:\Menu.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CurseClient\ not found.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\defaults\preferences folder moved successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\defaults folder moved successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content folder moved successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome folder moved successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com folder moved successfully.
C:\Program Files (x86)\AutocompletePro\chrome folder moved successfully.
C:\Program Files (x86)\AutocompletePro folder moved successfully.
C:\Users\leon\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: leon
->Temp folder emptied: 905441198 bytes
->Temporary Internet Files folder emptied: 300786600 bytes
->Java cache emptied: 63827 bytes
->FireFox cache emptied: 353569265 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 47944 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 134253943 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 963247353 bytes
Total Files Cleaned = 2.540,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01192012_213322
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...
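The fix script in post #6 and the fix log in the post above are read as a pair: every line of the script should reappear in the log as applied, as not found, or as deferred to a reboot, and anything else needs a second look. The script below is an added example that automates that reconciliation for the lines posted in this thread; it is not part of the thread and not part of OTL. The embedded script and log are copied from the two posts (the log trimmed to the lines the check needs), and the mapping from script lines to log phrases is inferred from the OTL output shown here, not taken from any OTL documentation.

```python
"""Reconcile an OTL ':OTL' fix script with the fix log OTL writes afterwards.

Added example (not OTL's own code): for each line of the fix script, find the
matching log line(s) and report 'applied', 'not present', 'pending reboot',
'FAILED' or 'no log entry'. Phrase mapping inferred from the log posted above.
"""
import re

# Fix script from post #6 and fix log from post #7, as posted (the log is
# trimmed to the lines the reconciliation needs).
FIX_SCRIPT = r"""
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd482b3b-ae22-11df-b0fb-00226838a449}\Shell\AutoRun\command - "" = J:\Menu.exe
MsConfig:64bit - StartUpReg: CurseClient - hkey= - key= - File not found
[2012.01.07 23:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutocompletePro
[2009.01.06 00:02:34 | 000,000,000 | -HSD | M] -- C:\Users\leon\AppData\Roaming\.#
:Commands
[emptytemp]
[resethosts]
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd482b3b-ae22-11df-b0fb-00226838a449}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd482b3b-ae22-11df-b0fb-00226838a449}\ not found.
File J:\Menu.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CurseClient\ not found.
C:\Program Files (x86)\AutocompletePro folder moved successfully.
C:\Users\leon\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Total Files Cleaned = 2.540,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01192012_213322
"""

# Log phrases, checked in this order; the first hit classifies the line.
OUTCOMES = (
    ("successfully", "applied"),
    ("not found", "not present"),
    ("cleaned", "applied"),
    ("scheduled to be moved on reboot", "pending reboot"),
    ("failed", "FAILED"),
)
# When several log lines match one script item, the most severe outcome wins.
SEVERITY = {"FAILED": 4, "pending reboot": 3, "applied": 2, "not present": 1, "unknown": 0}


def script_items(script):
    """Turn the fix script into (label, lower-cased substring to look for) pairs."""
    items, section = [], None
    for line in script.strip().splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line.lower()
        elif section == ":otl":
            if line.startswith("O32 - HKLM CDRom: AutoRun"):
                items.append(("O32 HKLM CDRom AutoRun", r"services\cdrom\\autorun"))
            elif line.startswith("O33 - MountPoints2\\"):
                guid = re.search(r"\{[0-9a-fA-F-]+\}", line).group(0)
                target = line.rsplit(" = ", 1)[1]
                items.append(("O33 MountPoints2 " + guid, "mountpoints2\\" + guid.lower()))
                # the autorun handler's target file is worth its own line in the report
                items.append(("O33 autorun target " + target, target.lower()))
            elif line.startswith("MsConfig"):
                name = re.search(r"StartUpReg: (\S+)", line).group(1)
                items.append(("MsConfig StartUpReg " + name, "startupreg\\" + name.lower()))
            elif " -- " in line:
                path = line.split(" -- ", 1)[1].strip()
                # trailing space: match the folder itself, not its sub-folders
                items.append((path, path.lower() + " "))
        elif section == ":commands":
            cmd = line.strip("[]").lower()
            needle = {"emptytemp": "total files cleaned", "resethosts": "hosts"}.get(cmd, cmd)
            items.append(("[" + cmd + "]", needle))
    return items


def classify(line):
    """Classify one OTL log line by the phrases in OUTCOMES."""
    low = line.lower()
    for needle, outcome in OUTCOMES:
        if needle in low:
            return outcome
    return "unknown"


def reconcile(script, log):
    """Return {label: outcome} for every item in the fix script."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    report = {}
    for label, needle in script_items(script):
        hits = [classify(l) for l in lines if needle in l.lower()]
        report[label] = max(hits, key=SEVERITY.get) if hits else "no log entry"
    return report


if __name__ == "__main__":
    for label, outcome in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{outcome:15} {label}")
```

Run on the posted pair it reports the Cdrom AutoRun value, the MountPoints2 key, both folders and [emptytemp] as applied, the CurseClient StartUpReg key and J:\Menu.exe as not present (the registry entry pointed at a file that was no longer on the drive), and [resethosts] as pending reboot, because the hosts file could not be replaced while in use and was scheduled for the next boot. The fix is therefore only complete after the restart the helper mentions; a hosts file that is still modified after that reboot would be the first thing to re-check.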
19.01.2012, 23:43 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™
BKA-trojaner, ukash

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Configure the tool as shown in the picture below: click "Change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs.
Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer complains about any objects, handle all of them with the action "skip" and only post the log here!
If the infection has left you unable to access your Documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again (this may take a while). Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags
20.01.2012, 01:04 | #9 |
BKA-trojaner, ukash

Scan finished, but it found nothing.
Code:
ATTFilter 01:02:05.0863 2524 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04 01:02:06.0041 2524 ============================================================ 01:02:06.0041 2524 Current date / time: 2012/01/20 01:02:06.0041 01:02:06.0041 2524 SystemInfo: 01:02:06.0041 2524 01:02:06.0041 2524 OS Version: 6.0.6002 ServicePack: 2.0 01:02:06.0041 2524 Product type: Workstation 01:02:06.0041 2524 ComputerName: LEON-PC 01:02:06.0041 2524 UserName: leon 01:02:06.0041 2524 Windows directory: C:\Windows 01:02:06.0041 2524 System windows directory: C:\Windows 01:02:06.0041 2524 Running under WOW64 01:02:06.0041 2524 Processor architecture: Intel x64 01:02:06.0041 2524 Number of processors: 4 01:02:06.0041 2524 Page size: 0x1000 01:02:06.0041 2524 Boot type: Normal boot 01:02:06.0042 2524 ============================================================ 01:02:06.0383 2524 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 01:02:06.0399 2524 Drive \Device\Harddisk5\DR5 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 01:02:06.0528 2524 Initialize success 01:02:11.0448 0544 ============================================================ 01:02:11.0449 0544 Scan started 01:02:11.0449 0544 Mode: Manual; SigCheck; TDLFS; 01:02:11.0449 0544 ============================================================ 01:02:12.0553 0544 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys 01:02:12.0671 0544 ACPI - ok 01:02:12.0835 0544 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys 01:02:12.0871 0544 adp94xx - ok 01:02:12.0926 0544 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys 01:02:12.0950 0544 adpahci - ok 01:02:13.0086 0544 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) 
C:\Windows\system32\drivers\adpu160m.sys 01:02:13.0101 0544 adpu160m - ok 01:02:13.0146 0544 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys 01:02:13.0162 0544 adpu320 - ok 01:02:13.0236 0544 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys 01:02:13.0321 0544 AFD - ok 01:02:13.0432 0544 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys 01:02:13.0447 0544 agp440 - ok 01:02:13.0511 0544 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys 01:02:13.0525 0544 aic78xx - ok 01:02:13.0564 0544 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys 01:02:13.0575 0544 aliide - ok 01:02:13.0596 0544 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys 01:02:13.0607 0544 amdide - ok 01:02:13.0644 0544 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys 01:02:13.0796 0544 AmdK8 - ok 01:02:13.0962 0544 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys 01:02:13.0977 0544 arc - ok 01:02:14.0041 0544 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys 01:02:14.0056 0544 arcsas - ok 01:02:14.0095 0544 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys 01:02:14.0146 0544 AsyncMac - ok 01:02:14.0186 0544 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys 01:02:14.0199 0544 atapi - ok 01:02:14.0270 0544 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys 01:02:14.0308 0544 avgntflt - ok 01:02:14.0361 0544 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys 01:02:14.0376 0544 avipbb - ok 01:02:14.0447 0544 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys 01:02:14.0499 0544 blbdrive - ok 01:02:14.0566 0544 bowser (2348447a80920b2493a9b582a23e81e1) 
C:\Windows\system32\DRIVERS\bowser.sys 01:02:14.0641 0544 bowser - ok 01:02:14.0685 0544 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys 01:02:14.0842 0544 BrFiltLo - ok 01:02:14.0938 0544 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys 01:02:14.0975 0544 BrFiltUp - ok 01:02:15.0041 0544 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys 01:02:15.0191 0544 Brserid - ok 01:02:15.0220 0544 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys 01:02:15.0291 0544 BrSerWdm - ok 01:02:15.0313 0544 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys 01:02:15.0378 0544 BrUsbMdm - ok 01:02:15.0401 0544 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys 01:02:15.0465 0544 BrUsbSer - ok 01:02:15.0512 0544 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys 01:02:15.0577 0544 BTHMODEM - ok 01:02:15.0626 0544 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys 01:02:15.0665 0544 cdfs - ok 01:02:15.0714 0544 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys 01:02:15.0754 0544 cdrom - ok 01:02:15.0789 0544 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys 01:02:15.0841 0544 circlass - ok 01:02:15.0889 0544 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys 01:02:15.0945 0544 CLFS - ok 01:02:16.0000 0544 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys 01:02:16.0011 0544 cmdide - ok 01:02:16.0034 0544 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys 01:02:16.0046 0544 Compbatt - ok 01:02:16.0068 0544 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys 01:02:16.0080 0544 crcdisk - ok 01:02:16.0155 0544 DfsC (8b722ba35205c71e7951cdc4cdbade19) 
C:\Windows\system32\Drivers\dfsc.sys 01:02:16.0207 0544 DfsC - ok 01:02:16.0256 0544 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys 01:02:16.0271 0544 disk - ok 01:02:16.0331 0544 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys 01:02:16.0368 0544 drmkaud - ok 01:02:16.0384 0544 dump_wmimmc - ok 01:02:16.0441 0544 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys 01:02:16.0517 0544 DXGKrnl - ok 01:02:16.0579 0544 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys 01:02:16.0642 0544 E1G60 - ok 01:02:16.0699 0544 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys 01:02:16.0718 0544 Ecache - ok 01:02:16.0752 0544 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys 01:02:16.0801 0544 elxstor - ok 01:02:16.0841 0544 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys 01:02:16.0884 0544 ErrDev - ok 01:02:16.0976 0544 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys 01:02:17.0041 0544 exfat - ok 01:02:17.0083 0544 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys 01:02:17.0141 0544 fastfat - ok 01:02:17.0180 0544 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys 01:02:17.0212 0544 fdc - ok 01:02:17.0238 0544 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys 01:02:17.0253 0544 FileInfo - ok 01:02:17.0278 0544 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys 01:02:17.0333 0544 Filetrace - ok 01:02:17.0362 0544 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 01:02:17.0393 0544 flpydisk - ok 01:02:17.0431 0544 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys 01:02:17.0464 0544 FltMgr - ok 01:02:17.0497 0544 Fs_Rec 
(29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys 01:02:17.0543 0544 Fs_Rec - ok 01:02:17.0563 0544 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys 01:02:17.0583 0544 gagp30kx - ok 01:02:17.0609 0544 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 01:02:17.0620 0544 GEARAspiWDM - ok 01:02:17.0686 0544 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys 01:02:17.0777 0544 HdAudAddService - ok 01:02:17.0832 0544 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys 01:02:17.0927 0544 HDAudBus - ok 01:02:17.0972 0544 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys 01:02:18.0039 0544 HidBth - ok 01:02:18.0066 0544 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys 01:02:18.0133 0544 HidIr - ok 01:02:18.0169 0544 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys 01:02:18.0222 0544 HidUsb - ok 01:02:18.0254 0544 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys 01:02:18.0268 0544 HpCISSs - ok 01:02:18.0321 0544 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys 01:02:18.0434 0544 HTTP - ok 01:02:18.0455 0544 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys 01:02:18.0468 0544 i2omp - ok 01:02:18.0498 0544 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 01:02:18.0534 0544 i8042prt - ok 01:02:18.0556 0544 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys 01:02:18.0577 0544 iaStorV - ok 01:02:18.0609 0544 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 01:02:18.0622 0544 iirsp - ok 01:02:18.0728 0544 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys 01:02:18.0738 0544 int15 - ok 01:02:18.0810 
0544 IntcAzAudAddService (504eaa8a5a61b051ad5b26205fc00e12) C:\Windows\system32\drivers\RTKVHD64.sys 01:02:18.0916 0544 IntcAzAudAddService - ok 01:02:18.0980 0544 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys 01:02:18.0992 0544 intelide - ok 01:02:19.0017 0544 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 01:02:19.0063 0544 intelppm - ok 01:02:19.0120 0544 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys 01:02:19.0160 0544 IpFilterDriver - ok 01:02:19.0186 0544 IpInIp - ok 01:02:19.0214 0544 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys 01:02:19.0264 0544 IPMIDRV - ok 01:02:19.0284 0544 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 01:02:19.0332 0544 IPNAT - ok 01:02:19.0359 0544 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 01:02:19.0406 0544 IRENUM - ok 01:02:19.0431 0544 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys 01:02:19.0443 0544 isapnp - ok 01:02:19.0488 0544 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 01:02:19.0508 0544 iScsiPrt - ok 01:02:19.0526 0544 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 01:02:19.0545 0544 iteatapi - ok 01:02:19.0563 0544 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 01:02:19.0576 0544 iteraid - ok 01:02:19.0599 0544 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 01:02:19.0612 0544 kbdclass - ok 01:02:19.0629 0544 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys 01:02:19.0664 0544 kbdhid - ok 01:02:19.0701 0544 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys 01:02:19.0734 0544 KSecDD - ok 01:02:19.0780 0544 ksthunk (1d419cf43db29396ecd7113d129d94eb) 
C:\Windows\system32\drivers\ksthunk.sys 01:02:19.0835 0544 ksthunk - ok 01:02:19.0864 0544 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 01:02:19.0918 0544 lltdio - ok 01:02:19.0949 0544 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 01:02:19.0964 0544 LSI_FC - ok 01:02:19.0986 0544 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 01:02:20.0001 0544 LSI_SAS - ok 01:02:20.0029 0544 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 01:02:20.0044 0544 LSI_SCSI - ok 01:02:20.0062 0544 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 01:02:20.0107 0544 luafv - ok 01:02:20.0276 0544 LVUVC64 (bfba84b8a9c233ae42b11cf7bdfc6c01) C:\Windows\system32\DRIVERS\lvuvc64.sys 01:02:20.0921 0544 LVUVC64 - ok 01:02:21.0090 0544 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 01:02:21.0103 0544 megasas - ok 01:02:21.0164 0544 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 01:02:21.0197 0544 MegaSR - ok 01:02:21.0273 0544 Mkd2Nadr (957cc0c0b992adbc625ae1858115487c) C:\Windows\system32\drivers\Mkd2Nadr.sys 01:02:21.0286 0544 Mkd2Nadr - ok 01:02:21.0334 0544 Mkd3kfNt (a3ab450c7c31a546badc268d6b11703c) C:\Windows\system32\drivers\Mkd3kfNt.sys 01:02:21.0349 0544 Mkd3kfNt - ok 01:02:21.0370 0544 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 01:02:21.0427 0544 Modem - ok 01:02:21.0466 0544 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 01:02:21.0500 0544 monitor - ok 01:02:21.0519 0544 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 01:02:21.0532 0544 mouclass - ok 01:02:21.0558 0544 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 01:02:21.0604 0544 mouhid - ok 01:02:21.0624 0544 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) 
20.01.2012, 10:58 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA-trojaner, ukash Now please run CF: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run if a qualified helper (Kompetenzler) has expressly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
20.01.2012, 20:33 | #11 |
| BKA-trojaner, ukash hey, here is the combofix log Code: