| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: mbam Trojaner gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.01.2012, 23:01
| #1 |
 |  mbam Trojaner gefunden Hallöchen, antivir hat heut beim surfen einen virus gefunden, darauf hin hab ich mit mbam gescannt und es wurde ein trojaner gefunden. ich bin deshalb jetz im abgesicherten modus und wollte die geforderten logfiles erstellen, jedoch stürzt GMER immer wieder ab. also hier sin nur die OTL files. Kann mir bitte jemand helfen?!? Danke VG LOLA OTL.txt OTL logfile created on: 22.01.2012 22:42:45 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lola\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,68% Memory free 4,21 Gb Paging File | 3,87 Gb Available in Paging File | 91,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 140,11 Gb Total Space | 14,81 Gb Free Space | 10,57% Space Free | Partition Type: NTFS Computer Name: LOLA-PC | User Name: Lola | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.22 21:23:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lola\Desktop\OTL.exe PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.05 08:26:56 | 003,070,944 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2011.09.23 14:35:34 | 001,086,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.07.03 10:05:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.11 19:30:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Stopped] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater) SRV - [2011.04.28 16:53:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.04.04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.07.24 18:26:38 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.07.05 18:12:52 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) SRV - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - [2012.01.22 21:05:36 | 000,037,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Lola\AppData\Local\Temp\00000f99.nmc\nse\bin\nsak.sys -- (nsak_8800D5EA) DRV - [2011.08.12 14:32:00 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc) DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.07.03 10:05:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.03 10:05:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA) DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.11.11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.11.11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.11.11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007.07.07 01:10:36 | 002,591,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.06.30 12:04:34 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.06.27 18:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.06.16 01:17:13 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.05.30 19:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2007.04.24 18:36:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb) DRV - [2007.04.24 12:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007.04.20 01:01:10 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86) DRV - [2007.04.20 01:01:10 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86) DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.03.01 15:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007.02.13 18:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.11.20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006.11.06 09:29:32 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC) DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.02.11 10:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm) DRV - [2005.02.11 10:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2005.02.11 10:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 55 40 99 EF B1 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.groupon.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lola\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lola\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lola\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.03.09 15:01:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.11 16:42:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.02 20:22:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 14:42:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.17 10:07:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.01.14 14:42:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A89AED22-9133-424c-88E7-C8235C5FF302}: C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\ [2009.06.19 19:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Extensions [2012.01.09 17:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions [2012.01.09 17:47:12 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.07.16 12:30:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.09 17:46:59 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.04.01 09:48:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\engine@conduit.com [2010.07.27 20:14:08 | 000,000,873 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\conduit.xml [2009.02.02 09:53:50 | 000,001,632 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\live-search.xml [2010.11.03 18:30:51 | 000,002,057 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\youtube-videosuche.xml [2011.11.25 14:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.01.02 20:22:26 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.12 20:36:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.21 11:08:41 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012.01.02 20:22:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.02 20:22:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.02 20:22:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.02 20:22:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.02 20:22:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.02 20:22:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} Hosts file not found O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Free YouTube Download - C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090921024610 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1225017435 (Image Uploader Control) O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} hxxp://www3.snapfish.de/SnapfishActivia2.cab (Snapfish Activia2) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33FE9BC3-FC54-4248-B154-2B975A9721AA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8D3B9EF-A0AB-41E2-979F-2C01C0F80089}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Lola\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Lola\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe - (TOSHIBA CORPORATION.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk - C:\PROGRA~1\ArcSoft\MAGIC-~1\MAGIC-~1.EXE - (ArcSoft, Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk - C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe - (Acresso Software Inc.) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: AdVantage Setup - hkey= - key= - File not found MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - File not found MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) MsConfig - StartUpReg: fssui - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Lola\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: MBBalloon - hkey= - key= - File not found MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: Symantec PIF AlertEng - hkey= - key= - File not found MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.01.22 22:08:29 | 000,100,864 | ---- | C] (GMER) -- C:\kxldapow.sys [2012.01.22 21:23:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Lola\Desktop\OTL.exe [2012.01.14 14:41:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.01.11 17:03:04 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.01.11 17:03:00 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.01.11 17:02:58 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.01.11 17:02:04 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.01.11 17:02:04 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.01.04 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\Lola\AppData\Roaming\pdfforge [2012.01.04 17:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.01.04 17:27:54 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2012.01.04 17:27:51 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL [2012.01.04 17:27:51 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL [2012.01.04 17:27:51 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL [2012.01.04 17:27:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL [2012.01.04 17:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.01.04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [1 C:\Users\Lola\AppData\Roaming\*.tmp files -> C:\Users\Lola\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.22 22:39:49 | 003,932,160 | -HS- | M] () -- C:\Users\Lola\NTUSER.DAT [2012.01.22 22:15:44 | 000,002,032 | ---- | M] () -- C:\Users\Lola\AppData\Local\d3d9caps.dat [2012.01.22 22:12:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.22 22:12:24 | 131,775,807 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.01.22 22:08:29 | 000,100,864 | ---- | M] (GMER) -- C:\kxldapow.sys [2012.01.22 21:53:17 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000UA.job [2012.01.22 21:41:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.22 21:41:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.22 21:41:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.22 21:41:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012.01.22 21:40:42 | 000,524,288 | -HS- | M] () -- C:\Users\Lola\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.01.22 21:40:42 | 000,065,536 | -HS- | M] () -- C:\Users\Lola\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.01.22 21:25:35 | 000,000,000 | ---- | M] () -- C:\Users\Lola\defogger_reenable [2012.01.22 21:24:07 | 000,302,592 | ---- | M] () -- C:\Users\Lola\Desktop\40rble00.exe [2012.01.22 21:23:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lola\Desktop\OTL.exe [2012.01.22 21:22:50 | 000,050,477 | ---- | M] () -- C:\Users\Lola\Desktop\Defogger.exe [2012.01.22 17:12:42 | 000,000,000 | ---- | M] () -- C:\Users\Lola\AppData\Local\{2DC0DC1F-7795-48EB-951D-D3D8B60F1C81} [2012.01.22 17:06:16 | 000,000,000 | ---- | M] () -- C:\Users\Lola\AppData\Local\{AB681BC9-38AD-40E0-A129-E51516C14CF8} [2012.01.22 16:39:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.21 20:59:33 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000Core.job [2012.01.20 09:09:56 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.20 09:04:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.01.20 09:04:16 | 000,155,136 | ---- | M] () -- C:\Users\Lola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.20 09:00:31 | 001,453,716 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2012.01.20 09:00:31 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.20 09:00:31 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.20 09:00:31 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.20 09:00:31 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.17 20:53:04 | 000,002,735 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Outlook 2007.lnk [2012.01.17 20:37:06 | 000,225,123 | ---- | M] () -- C:\Users\Lola\Documents\Flug Melbourne.xps [2012.01.15 15:15:18 | 000,000,098 | ---- | M] () -- C:\Windows\WirelessFTP.INI [2012.01.14 17:40:40 | 000,002,631 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Word 2007.lnk [2012.01.07 11:55:13 | 000,002,037 | ---- | M] () -- C:\Users\Lola\Desktop\Google Chrome.lnk [2012.01.04 17:18:22 | 000,001,899 | ---- | M] () -- C:\Users\Lola\Desktop\Netzwerk.lnk [2012.01.04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [1 C:\Users\Lola\AppData\Roaming\*.tmp files -> C:\Users\Lola\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.22 22:05:50 | 131,775,807 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.01.22 21:25:35 | 000,000,000 | ---- | C] () -- C:\Users\Lola\defogger_reenable [2012.01.22 21:23:55 | 000,302,592 | ---- | C] () -- C:\Users\Lola\Desktop\40rble00.exe [2012.01.22 21:22:57 | 000,050,477 | ---- | C] () -- C:\Users\Lola\Desktop\Defogger.exe [2012.01.22 17:12:42 | 000,000,000 | ---- | C] () -- C:\Users\Lola\AppData\Local\{2DC0DC1F-7795-48EB-951D-D3D8B60F1C81} [2012.01.22 17:06:16 | 000,000,000 | ---- | C] () -- C:\Users\Lola\AppData\Local\{AB681BC9-38AD-40E0-A129-E51516C14CF8} [2012.01.17 20:37:02 | 000,225,123 | ---- | C] () -- C:\Users\Lola\Documents\Flug Melbourne.xps [2012.01.04 17:27:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.01.04 17:15:10 | 000,001,899 | ---- | C] () -- C:\Users\Lola\Desktop\Netzwerk.lnk [2011.12.03 19:47:04 | 000,000,036 | ---- | C] () -- C:\Users\Lola\AppData\Roaming\blckdom.res [2011.05.02 18:14:53 | 000,000,061 | ---- | C] () -- C:\Windows\dcmvwr.INI [2011.03.16 15:10:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.03.16 15:10:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.03.16 15:10:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.03.16 15:10:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.03.16 15:10:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.29 10:13:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.01.26 16:45:18 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.01.26 16:45:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.01.26 16:41:00 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2010.11.03 08:59:57 | 000,171,288 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010.10.02 09:39:18 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2010.10.02 09:39:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.10.02 09:39:17 | 000,000,335 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010.10.02 09:38:18 | 000,032,768 | ---- | C] () -- C:\Windows\System32\osclpthread.dll [2010.06.14 17:30:52 | 000,003,766 | ---- | C] () -- C:\Windows\scad3.INI [2009.12.21 16:43:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.12.21 16:43:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.12.21 16:43:20 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.10.17 15:51:17 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI [2009.10.05 11:02:43 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll [2009.10.05 11:02:43 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.05.12 10:38:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.12.04 00:30:10 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI [2008.12.02 12:57:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008.11.25 18:16:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.11.25 10:36:43 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.11.25 10:36:27 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.11.18 11:00:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.10.16 20:16:44 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2008.10.13 15:48:59 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.10.13 15:48:59 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.10.13 15:48:59 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.10.13 15:48:59 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat [2008.06.05 17:03:49 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2008.03.09 15:01:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.01.02 21:38:23 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008.01.02 21:33:14 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL [2007.12.31 13:34:35 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2007.12.31 13:34:24 | 000,000,013 | ---- | C] () -- C:\Windows\vbaddin.ini [2007.12.30 18:38:28 | 004,590,949 | ---- | C] () -- C:\Users\Lola\AppData\Roaming\UserTile.png [2007.12.28 21:31:27 | 000,155,136 | ---- | C] () -- C:\Users\Lola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.28 21:31:25 | 000,136,864 | ---- | C] () -- C:\Users\Lola\AppData\Local\GDIPFONTCACHEV1.DAT [2007.12.28 21:31:25 | 000,002,032 | ---- | C] () -- C:\Users\Lola\AppData\Local\d3d9caps.dat [2007.09.08 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007.08.13 23:00:50 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.13 23:00:50 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.08.13 23:00:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll [2007.08.13 23:00:49 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.08.13 23:00:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.08.13 23:00:48 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.08.13 13:46:45 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat [2007.08.13 04:25:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 16:33:31 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,127,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,454,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 001,453,716 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006.11.02 11:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006.11.02 11:23:31 | 000,000,240 | ---- | C] () -- C:\Windows\win.ini [2006.11.02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 08:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe [2006.11.02 08:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2006.11.02 08:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2006.11.02 08:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2006.11.02 08:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2006.11.02 08:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2006.11.02 08:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2006.11.02 08:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2006.11.02 08:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2006.11.02 08:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2006.11.02 08:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2006.11.02 08:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2006.11.02 08:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2006.11.02 08:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2006.11.02 08:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2006.11.02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006.11.02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006.11.02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006.11.02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006.11.02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006.11.02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006.11.02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006.11.02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006.11.02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006.11.02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006.11.02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006.11.02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006.11.02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006.11.02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006.11.02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006.11.02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2005.04.28 05:22:34 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2005.04.28 05:22:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000081.DLL [1999.04.29 22:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010.02.20 12:36:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\CoSoSys [2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools [2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools Lite [2011.07.21 16:44:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoft [2011.07.21 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.28 10:38:36 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Facebook [2011.03.21 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Foxit [2011.09.24 09:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\GoPal Assistant [2011.06.11 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ICQ [2008.01.02 21:38:54 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ICQ Toolbar [2008.09.05 13:20:40 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\InterVideo [2011.12.03 19:46:57 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\kock [2009.01.29 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Leadertech [2009.10.05 11:02:33 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\LG Electronics [2008.11.25 10:40:07 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\MAGIX [2012.01.04 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\pdfforge [2011.10.15 09:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\SmartDraw [2009.08.05 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Snapfish [2011.12.06 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Synaptics [2007.12.29 13:37:26 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\temp [2011.12.17 10:07:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Thunderbird [2011.12.03 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\UAs [2008.10.10 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Ulead Systems [2011.12.03 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\xmldm [2012.01.22 21:06:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2007.12.28 21:32:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.06.19 12:19:49 | 000,000,000 | -H-D | M] -- C:\BJPrinter [2009.12.22 21:36:32 | 000,000,000 | -HSD | M] -- C:\Boot [2012.01.14 15:18:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2007.09.08 02:23:26 | 000,000,000 | ---D | M] -- C:\Documentation [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.08.13 13:08:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.11.09 23:04:10 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2007.09.08 01:56:14 | 000,000,000 | -H-D | M] -- C:\InstantON [2009.12.23 10:31:00 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.01.04 17:27:51 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.22 21:02:06 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.08.13 13:08:31 | 000,000,000 | -HSD | M] -- C:\Programme [2012.01.22 21:49:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.10 15:30:16 | 000,000,000 | ---D | M] -- C:\Update [2008.07.12 22:33:29 | 000,000,000 | R--D | M] -- C:\Users [2007.09.08 02:33:46 | 000,000,000 | -H-D | M] -- C:\WAUUPGRD [2012.01.22 22:12:24 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys [2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys [2006.11.02 09:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys [2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys [2008.01.19 06:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys [2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys [2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.01.02 11:16:38 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.01.02 11:16:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-20 16:02:12 < > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB10488$] -> Error: Cannot create file handle -> Unknown point type < End of report > |
|
22.01.2012, 23:03
| #2 |
| | mbam Trojaner gefunden Hier noch die Extras.txtOTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 22.01.2012 22:42:45 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lola\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,68% Memory free
4,21 Gb Paging File | 3,87 Gb Available in Paging File | 91,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,11 Gb Total Space | 14,81 Gb Free Space | 10,57% Space Free | Partition Type: NTFS
Computer Name: LOLA-PC | User Name: Lola | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2758217544-4115683230-4201137011-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BCD507F-B50D-4E8A-88C8-6E7745B4E589}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{313928AC-6873-4143-9C03-5B3345BF15EE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4421DCB8-630D-4DB4-86FC-AA1580F74FFE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6A882AED-EB57-4605-8F8F-B9EC0A2BC0DB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{755E8985-5CFD-4CCA-A241-CC931D956388}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DCADBE1-B3BB-4AF4-9A0B-51C51A423C05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96A5CBBA-7ED0-4087-8AE3-E01638CC13B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3BB3043-DF9F-449F-A331-D72D72189C79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C3257354-F441-420D-B822-493869028369}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0097DFC9-0C9E-46A6-A7F3-DD8972115858}" = dir=in | app=c:\users\lola\andré\bot\tm.exe |
"{00F25E53-61F5-4794-BFC8-1F3DB552DE05}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{033263E1-B6C3-48FA-BE11-2AC43000F246}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{047B9B94-46EB-45FA-BB73-C9B69C3E8625}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{06C118D3-FCB6-4ECD-A7D0-5C5627DBB751}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06CAFBF4-D8F7-4D52-9ED3-26C46429417F}" = dir=out | app=c:\users\lola\andré\bot\tm.exe |
"{09A6214E-99F4-403E-8332-200C818D7692}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B4A0920-71DA-46E5-819F-89F9EC01C2BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DA15515-29DA-4C98-81EB-9F9FD0170A63}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{109ADCC6-2A00-43F2-9DB0-64E19DFEB371}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{124A1F82-DA0D-49A4-84F9-4E5598878181}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{134A03A8-5F63-4AF6-8D26-825BA1A3176B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe |
"{18E1E4FF-DB8F-48F0-B8F3-7D0B99C7E010}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1992CC49-DA9B-4194-86EA-4908B42E4B67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B3AEAD9-6CE7-42E6-A81E-540664DE5274}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1B5D8524-B012-4446-96DD-55AAB4AD378E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2428805B-5105-42FD-AEFC-48842ECBB7B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{245D2D24-ACF9-4366-8BAF-E2C779FB8C5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24FA3306-4A4B-4C9C-88F2-9BC56ACFA7DF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{294212B4-8AE9-43B5-8E2E-EC000B2AC0CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C359B0A-F08E-42C9-886A-D9E0BF2D751D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{365D635D-9135-4D4E-8920-DE691CFAD381}" = dir=in | app=c:\users\lola\andré\bot\tm-update.exe |
"{37AD37F7-A856-4D1F-A163-326CC2595D5A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C951F23-F8B9-4CD8-883E-BA613C79B088}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EB39DF5-52A2-47F3-99ED-7FFA2177D792}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{42F1AEB0-604D-4477-8752-23D3337EDF30}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{493F4D06-696D-426B-AA29-6F7873A730FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49E15B77-9939-4886-B028-460C5905D1E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{522AD36A-FFFE-4126-AA72-D07752A2EA81}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{539B0717-F05D-48CA-AB33-90ACDC7FCA07}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5614D5DE-9916-4402-B44D-5D7279A297F9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{59B87D47-E2DA-448D-88A6-EEEF937A2C9B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{5AB65810-2F17-4C48-8E70-A2C99374E139}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6016544C-B363-4787-BF03-B0832FDE48F1}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{6145F506-57B3-43D3-BE99-5136995F0E07}" = dir=in | app=c:\users\lola\andré\tmbot\tm-update.exe |
"{61B78875-2495-4BAE-B8D8-8D837F1804DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{626E3007-C1F3-4706-B4B9-2779DB7962C5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{63524210-8497-4B7E-B1B1-EE47E7DE0369}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{6A1C0F73-1B8A-41FE-B1F3-F3ECE708D8C3}" = dir=in | app=c:\users\lola\andré\tmbot\tm.exe |
"{6DE660BF-8BB3-4E4D-A848-592DA918D328}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6E033E22-8749-4ACE-870B-BBF480035A94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{760BAA17-8670-435A-9AB6-BE2DF0AC4893}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{7AAED674-A947-47D2-832D-54344C8CE472}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{7D5FC05E-7A63-4EC1-878C-8FA637EE5EF9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{855445F1-BF36-479E-A08F-323997273223}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90A45946-EFB3-4580-A62E-5CBB671BBCA2}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe |
"{946E3799-6F62-44FD-A05A-3B272091D25B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{958F7913-4F3B-4FD2-A902-80349C64BDAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99C63583-0DFE-4176-BD7A-5094C6D056B6}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{9B7294B0-2DF8-4E07-BC66-6C66E7779129}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{9D4478E7-F51C-472E-BAEC-9490DA9D0337}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A23A265B-AE7D-48D8-A5F9-6A8A6A92CC96}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A7F08D2E-D852-48BE-8D21-52A7A5C2D426}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B321E8E5-A83F-40BD-81BC-50359C51A8E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B58D8590-E60A-4B1F-A8F1-7723416D2983}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B8921F62-E2B8-4664-BD1A-E09D54176B75}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{BEEBE0A3-E3F5-437F-8D64-7ADD924E496E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C457CF1B-A3BD-4EEA-B4A7-F203A893EC91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C5B1111F-8694-4779-8F16-69DD0B0B86A8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CCFBACC2-42EA-407F-A0BB-1B0C3DA893D2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CD39CEE3-F3FC-4D33-A8C7-1684AC217D96}" = dir=out | app=c:\users\lola\andré\tmbot\tm.exe |
"{CEBB6059-DB34-4CBA-AAB4-5F61FA50C296}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D203A10E-6ACE-493B-9E48-2E59D0D6025C}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{D5A4C2FF-4782-4019-9CB8-06360B079953}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DA80FA97-1E61-4ED5-A821-09AE6A83DE86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC664095-EB23-4EB0-9F30-C09E620485A2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DE8DCE3A-6EF1-45C2-930E-7DD8AA35DBC1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{E0C9009B-C19D-4B58-BD45-38E158FD1843}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{E17A3BBA-410F-43EF-91A9-0127FCDDD94C}" = dir=in | app=c:\users\lola\andré\bot\dj-browser.exe |
"{E24D4594-1816-4582-959B-54DB80B87679}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E26E1518-9C56-475D-A03B-E2A203ADE530}" = dir=in | app=c:\users\lola\andré\tmbot\dj-browser.exe |
"{EF18D3D4-228E-4B4E-8297-7877ABE4AEA6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FB335709-9B15-41D8-99EF-EC6AF21544D1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{FC8B0B22-1C01-4BB8-8176-912917084F14}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{FC8D219E-A2BF-4BFF-952C-E545788C6D07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0D82AE47-7D1B-4C22-9A3A-B15251DED30A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{4C98027F-9ACD-41E2-BE9C-1C0665F85CCC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5684C1F4-3636-4754-BF7F-45F665F76DA2}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{58C17E95-E894-42C8-82B9-B53C59E840F3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{85CBE143-0C8F-43B5-B215-0F47891CBBF0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{B4A31CA3-C3D1-4D86-BB7F-4AD4BD9B3415}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{E3903609-E225-44C1-BE7D-EEE4DE841C7C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{EFF87D5C-4066-488C-A8E6-77B476D89CE6}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{0A4C4FC2-14B5-4BDC-BEF7-8FF9C2E28B5B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{120978B6-C7D3-4E45-A41F-3944A5CD6C28}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{224DCD63-658D-42DF-8F36-6FB6DA9D236B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4472D1E0-5DC6-4567-BDB6-0C06D7345E28}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{666ED7F3-48F1-4638-97F7-8F9E7E5B495E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{9DCEE5A3-F736-4D55-8956-9C9E8593ED0B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A46884C0-8080-43B8-8395-E20C5AFAC4E2}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{CB0A0CC8-088A-4875-B3EC-F604BCC3BF24}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{1B47F7BA-7CF9-4F00-9340-099E3A004059}" = VAIO Update Merge Module x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22FB6750-ADDF-4726-B67F-6901E1991031}" = Nero 7 Essentials
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter
"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager
"{638BAD93-701B-482A-86C6-72DFF3E6FE51}" =
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Funktion Einstellungen
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" =
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D17D6E7A-DF1E-41E9-B8C2-0078110221A3}" = VAIO Update Merge Module x86
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dt icon module" =
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"eBay HTML" =
"ENTERPRISE" = Microsoft Office Enterprise 2007
"fotokasten comfort_is1" = fotokasten comfort 4.2
"FotoQuelle Fotosoftware" = FotoQuelle Fotosoftware 4.11.0
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.9.721
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.1.715
"gtfirstboot Setting Request" =
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"IpodConverter_is1" = IpodConverter 1.1
"LTspice IV" = LTspice IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Medion GoPal Assistant" = Medion GoPal Assistant 4.00.0003
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MP3-Cutter" = MP3-Cutter
"PokerStars" = PokerStars
"Rainbow Client Activator 2.2 English" = Client Activator 2.2 - English
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.9.1
"VAIO Help and Support" =
"VAIO MFU Module" =
"VAIO Xblack Contents" = VAIO Xblack Contents
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.01.2012 16:10:28 | Computer Name = Lola-PC | Source = EventSystem | ID = 4609
Description =
Error - 22.01.2012 16:28:58 | Computer Name = Lola-PC | Source = System Restore | ID = 8193
Description =
Error - 22.01.2012 17:03:07 | Computer Name = Lola-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x1048,
Anwendungsstartzeit 01ccd948b9f42d8f.
Error - 22.01.2012 17:06:51 | Computer Name = Lola-PC | Source = EventSystem | ID = 4609
Description =
Error - 22.01.2012 17:10:11 | Computer Name = Lola-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x7d4, Anwendungsstartzeit
01ccd94a2125dece.
Error - 22.01.2012 17:13:29 | Computer Name = Lola-PC | Source = EventSystem | ID = 4609
Description =
Error - 22.01.2012 17:20:09 | Computer Name = Lola-PC | Source = System Restore | ID = 8193
Description =
Error - 22.01.2012 17:31:11 | Computer Name = Lola-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x66c, Anwendungsstartzeit
01ccd94cf21948fd.
Error - 22.01.2012 17:32:07 | Computer Name = Lola-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x5d8, Anwendungsstartzeit
01ccd94d2d7f187d.
Error - 22.01.2012 17:43:48 | Computer Name = Lola-PC | Source = System Restore | ID = 8193
Description =
[ Media Center Events ]
Error - 23.09.2009 07:42:28 | Computer Name = Lola-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
26.01.2012, 11:46
| #3 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  mbam Trojaner gefundenZitat:
Dafür antwortest du dir hier selbst und postest sogar Logs im Erinnerungsstrang   Ohne die Logs von Malwarebytes und Co wird das hier nichts.  Alles von Malwarebytes und den anderen Scannern muss hier gepostet werden. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
26.01.2012, 16:46
| #4 |
| | mbam Trojaner gefunden ja..., wie gesagt es tut mir sehr leid. ich habe selber auch gemerkt das ich vieles falsch gemacht habe, jedoch immer erst kurz danach, wie zB auch das mit dem Code-Tags. Ich hoffe du kannst mir trotzdem helfen. Hier die ganzen Logfiles: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.22.03 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Lola :: LOLA-PC [Administrator] 22.01.2012 17:24:12 mbam-log-2012-01-22 (17-24-12).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 393235 Laufzeit: 1 Stunde(n), 33 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\46862d0b-1bb53281 (Trojan.Downloader.lb) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\46862d0b-1f0f990a (Trojan.Downloader.lb) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\drivers\cdrom.sys (Trojan.Patched) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL Extras logfile created on: 25.01.2012 16:59:25 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lola\Desktop\André\SystemSicherheit\TrojanerBoard
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,28% Memory free
4,22 Gb Paging File | 2,77 Gb Available in Paging File | 65,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,11 Gb Total Space | 13,96 Gb Free Space | 9,96% Space Free | Partition Type: NTFS
Drive F: | 3,72 Gb Total Space | 3,37 Gb Free Space | 90,51% Space Free | Partition Type: FAT32
Computer Name: LOLA-PC | User Name: Lola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2758217544-4115683230-4201137011-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BCD507F-B50D-4E8A-88C8-6E7745B4E589}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{313928AC-6873-4143-9C03-5B3345BF15EE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4421DCB8-630D-4DB4-86FC-AA1580F74FFE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6A882AED-EB57-4605-8F8F-B9EC0A2BC0DB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{755E8985-5CFD-4CCA-A241-CC931D956388}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DCADBE1-B3BB-4AF4-9A0B-51C51A423C05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96A5CBBA-7ED0-4087-8AE3-E01638CC13B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3BB3043-DF9F-449F-A331-D72D72189C79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C3257354-F441-420D-B822-493869028369}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0097DFC9-0C9E-46A6-A7F3-DD8972115858}" = dir=in | app=c:\users\lola\andré\bot\tm.exe |
"{00F25E53-61F5-4794-BFC8-1F3DB552DE05}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{033263E1-B6C3-48FA-BE11-2AC43000F246}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{047B9B94-46EB-45FA-BB73-C9B69C3E8625}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{06C118D3-FCB6-4ECD-A7D0-5C5627DBB751}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06CAFBF4-D8F7-4D52-9ED3-26C46429417F}" = dir=out | app=c:\users\lola\andré\bot\tm.exe |
"{09A6214E-99F4-403E-8332-200C818D7692}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B4A0920-71DA-46E5-819F-89F9EC01C2BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DA15515-29DA-4C98-81EB-9F9FD0170A63}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{109ADCC6-2A00-43F2-9DB0-64E19DFEB371}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{124A1F82-DA0D-49A4-84F9-4E5598878181}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{134A03A8-5F63-4AF6-8D26-825BA1A3176B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe |
"{18E1E4FF-DB8F-48F0-B8F3-7D0B99C7E010}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1992CC49-DA9B-4194-86EA-4908B42E4B67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B3AEAD9-6CE7-42E6-A81E-540664DE5274}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1B5D8524-B012-4446-96DD-55AAB4AD378E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2428805B-5105-42FD-AEFC-48842ECBB7B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{245D2D24-ACF9-4366-8BAF-E2C779FB8C5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24FA3306-4A4B-4C9C-88F2-9BC56ACFA7DF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{294212B4-8AE9-43B5-8E2E-EC000B2AC0CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C359B0A-F08E-42C9-886A-D9E0BF2D751D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{365D635D-9135-4D4E-8920-DE691CFAD381}" = dir=in | app=c:\users\lola\andré\bot\tm-update.exe |
"{37AD37F7-A856-4D1F-A163-326CC2595D5A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C951F23-F8B9-4CD8-883E-BA613C79B088}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EB39DF5-52A2-47F3-99ED-7FFA2177D792}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{42F1AEB0-604D-4477-8752-23D3337EDF30}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{493F4D06-696D-426B-AA29-6F7873A730FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49E15B77-9939-4886-B028-460C5905D1E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{522AD36A-FFFE-4126-AA72-D07752A2EA81}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{539B0717-F05D-48CA-AB33-90ACDC7FCA07}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5614D5DE-9916-4402-B44D-5D7279A297F9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{59B87D47-E2DA-448D-88A6-EEEF937A2C9B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{5AB65810-2F17-4C48-8E70-A2C99374E139}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6016544C-B363-4787-BF03-B0832FDE48F1}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{6145F506-57B3-43D3-BE99-5136995F0E07}" = dir=in | app=c:\users\lola\andré\tmbot\tm-update.exe |
"{61B78875-2495-4BAE-B8D8-8D837F1804DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{626E3007-C1F3-4706-B4B9-2779DB7962C5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{63524210-8497-4B7E-B1B1-EE47E7DE0369}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{6A1C0F73-1B8A-41FE-B1F3-F3ECE708D8C3}" = dir=in | app=c:\users\lola\andré\tmbot\tm.exe |
"{6DE660BF-8BB3-4E4D-A848-592DA918D328}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6E033E22-8749-4ACE-870B-BBF480035A94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{760BAA17-8670-435A-9AB6-BE2DF0AC4893}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{7AAED674-A947-47D2-832D-54344C8CE472}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{7D5FC05E-7A63-4EC1-878C-8FA637EE5EF9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{855445F1-BF36-479E-A08F-323997273223}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90A45946-EFB3-4580-A62E-5CBB671BBCA2}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe |
"{946E3799-6F62-44FD-A05A-3B272091D25B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{958F7913-4F3B-4FD2-A902-80349C64BDAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99C63583-0DFE-4176-BD7A-5094C6D056B6}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{9B7294B0-2DF8-4E07-BC66-6C66E7779129}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{9D4478E7-F51C-472E-BAEC-9490DA9D0337}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A23A265B-AE7D-48D8-A5F9-6A8A6A92CC96}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A7F08D2E-D852-48BE-8D21-52A7A5C2D426}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B321E8E5-A83F-40BD-81BC-50359C51A8E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B58D8590-E60A-4B1F-A8F1-7723416D2983}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B8921F62-E2B8-4664-BD1A-E09D54176B75}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{BEEBE0A3-E3F5-437F-8D64-7ADD924E496E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C457CF1B-A3BD-4EEA-B4A7-F203A893EC91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C5B1111F-8694-4779-8F16-69DD0B0B86A8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CCFBACC2-42EA-407F-A0BB-1B0C3DA893D2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CD39CEE3-F3FC-4D33-A8C7-1684AC217D96}" = dir=out | app=c:\users\lola\andré\tmbot\tm.exe |
"{CEBB6059-DB34-4CBA-AAB4-5F61FA50C296}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D203A10E-6ACE-493B-9E48-2E59D0D6025C}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{D5A4C2FF-4782-4019-9CB8-06360B079953}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DA80FA97-1E61-4ED5-A821-09AE6A83DE86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC664095-EB23-4EB0-9F30-C09E620485A2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DE8DCE3A-6EF1-45C2-930E-7DD8AA35DBC1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{E0C9009B-C19D-4B58-BD45-38E158FD1843}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{E17A3BBA-410F-43EF-91A9-0127FCDDD94C}" = dir=in | app=c:\users\lola\andré\bot\dj-browser.exe |
"{E24D4594-1816-4582-959B-54DB80B87679}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E26E1518-9C56-475D-A03B-E2A203ADE530}" = dir=in | app=c:\users\lola\andré\tmbot\dj-browser.exe |
"{EF18D3D4-228E-4B4E-8297-7877ABE4AEA6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FB335709-9B15-41D8-99EF-EC6AF21544D1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{FC8B0B22-1C01-4BB8-8176-912917084F14}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{FC8D219E-A2BF-4BFF-952C-E545788C6D07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0D82AE47-7D1B-4C22-9A3A-B15251DED30A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{4C98027F-9ACD-41E2-BE9C-1C0665F85CCC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5684C1F4-3636-4754-BF7F-45F665F76DA2}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{58C17E95-E894-42C8-82B9-B53C59E840F3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{85CBE143-0C8F-43B5-B215-0F47891CBBF0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{B4A31CA3-C3D1-4D86-BB7F-4AD4BD9B3415}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{E3903609-E225-44C1-BE7D-EEE4DE841C7C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{EFF87D5C-4066-488C-A8E6-77B476D89CE6}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{0A4C4FC2-14B5-4BDC-BEF7-8FF9C2E28B5B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{120978B6-C7D3-4E45-A41F-3944A5CD6C28}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{224DCD63-658D-42DF-8F36-6FB6DA9D236B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4472D1E0-5DC6-4567-BDB6-0C06D7345E28}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{666ED7F3-48F1-4638-97F7-8F9E7E5B495E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{9DCEE5A3-F736-4D55-8956-9C9E8593ED0B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A46884C0-8080-43B8-8395-E20C5AFAC4E2}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{CB0A0CC8-088A-4875-B3EC-F604BCC3BF24}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22FB6750-ADDF-4726-B67F-6901E1991031}" = Nero 7 Essentials
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter
"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager
"{638BAD93-701B-482A-86C6-72DFF3E6FE51}" =
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Funktion Einstellungen
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" =
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dt icon module" =
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"eBay HTML" =
"ENTERPRISE" = Microsoft Office Enterprise 2007
"fotokasten comfort_is1" = fotokasten comfort 4.2
"FotoQuelle Fotosoftware" = FotoQuelle Fotosoftware 4.11.0
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.9.721
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.1.715
"gtfirstboot Setting Request" =
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"IpodConverter_is1" = IpodConverter 1.1
"LTspice IV" = LTspice IV
"Medion GoPal Assistant" = Medion GoPal Assistant 4.00.0003
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MP3-Cutter" = MP3-Cutter
"PokerStars" = PokerStars
"Rainbow Client Activator 2.2 English" = Client Activator 2.2 - English
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.9.1
"VAIO Help and Support" =
"VAIO MFU Module" =
"VAIO Xblack Contents" = VAIO Xblack Contents
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.01.2012 17:31:11 | Computer Name = Lola-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x66c, Anwendungsstartzeit
01ccd94cf21948fd.
Error - 22.01.2012 17:32:07 | Computer Name = Lola-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x5d8, Anwendungsstartzeit
01ccd94d2d7f187d.
Error - 22.01.2012 17:43:48 | Computer Name = Lola-PC | Source = System Restore | ID = 8193
Description =
Error - 23.01.2012 11:08:00 | Computer Name = Lola-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul 40rble00.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0xdb8, Anwendungsstartzeit
01ccd9e07275184f.
Error - 24.01.2012 17:15:03 | Computer Name = Lola-PC | Source = VSS | ID = 8194
Description =
Error - 24.01.2012 17:36:38 | Computer Name = Lola-PC | Source = EventSystem | ID = 4609
Description =
Error - 24.01.2012 17:40:24 | Computer Name = Lola-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials
on a computer running in safe mode. Your computer is currently running in safe
mode. To install Security Essentials, your computer must be running in normal mode.
Please restart your computer in normal mode, and then try to run the Security Essentials
Setup Wizard again. Error code:0x8004FF11.
Error - 24.01.2012 17:40:38 | Computer Name = Lola-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
Error - 25.01.2012 11:36:09 | Computer Name = Lola-PC | Source = EventSystem | ID = 4609
Description =
Error - 25.01.2012 11:46:02 | Computer Name = Lola-PC | Source = System Restore | ID = 8193
Description =
[ Media Center Events ]
Error - 23.09.2009 07:42:28 | Computer Name = Lola-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Code:
ATTFilter OTL logfile created on: 25.01.2012 16:59:25 - Run 6 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lola\Desktop\André\SystemSicherheit\TrojanerBoard Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,28% Memory free 4,22 Gb Paging File | 2,77 Gb Available in Paging File | 65,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 140,11 Gb Total Space | 13,96 Gb Free Space | 9,96% Space Free | Partition Type: NTFS Drive F: | 3,72 Gb Total Space | 3,37 Gb Free Space | 90,51% Space Free | Partition Type: FAT32 Computer Name: LOLA-PC | User Name: Lola | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.22 21:23:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lola\Desktop\André\SystemSicherheit\TrojanerBoard\OTL.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.01.02 20:22:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.04.04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2007.07.24 18:26:38 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe PRC - [2007.07.24 18:26:38 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.06.15 11:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe PRC - [2007.06.14 07:40:46 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe PRC - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe ========== Modules (No Company Name) ========== MOD - [2012.01.02 20:22:24 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011.11.18 20:22:27 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2007.06.30 02:07:56 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2008.04.04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.07.24 18:26:38 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.07.05 18:12:52 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) SRV - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.11.11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.11.11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.11.11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007.07.07 01:10:36 | 002,591,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.06.30 12:04:34 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.06.27 18:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.06.16 01:17:13 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.05.30 19:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2007.04.24 18:36:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb) DRV - [2007.04.24 12:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007.04.20 01:01:10 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86) DRV - [2007.04.20 01:01:10 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86) DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.03.01 15:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007.02.13 18:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.11.20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006.11.06 09:29:32 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC) DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.02.11 10:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm) DRV - [2005.02.11 10:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2005.02.11 10:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 55 40 99 EF B1 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.groupon.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lola\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lola\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lola\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.03.09 15:01:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.11 16:42:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.02 20:22:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 14:42:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A89AED22-9133-424c-88E7-C8235C5FF302}: C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\ [2009.06.19 19:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Extensions [2012.01.09 17:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions [2012.01.09 17:47:12 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.07.16 12:30:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.09 17:46:59 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.04.01 09:48:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\engine@conduit.com [2010.07.27 20:14:08 | 000,000,873 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\conduit.xml [2009.02.02 09:53:50 | 000,001,632 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\live-search.xml [2010.11.03 18:30:51 | 000,002,057 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\youtube-videosuche.xml [2011.11.25 14:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.01.02 20:22:26 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.12 20:36:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.21 11:08:41 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012.01.02 20:22:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.02 20:22:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.02 20:22:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.02 20:22:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.02 20:22:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.02 20:22:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} Hosts file not found O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Free YouTube Download - C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090921024610 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1225017435 (Image Uploader Control) O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} hxxp://www3.snapfish.de/SnapfishActivia2.cab (Snapfish Activia2) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8D3B9EF-A0AB-41E2-979F-2C01C0F80089}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Lola\Pictures\Australien\Familie Underwood\6536_1106299254186_1127920239_30267074_2821584_n.jpg O24 - Desktop BackupWallPaper: C:\Users\Lola\Pictures\Australien\Familie Underwood\6536_1106299254186_1127920239_30267074_2821584_n.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe - (TOSHIBA CORPORATION.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk - C:\PROGRA~1\ArcSoft\MAGIC-~1\MAGIC-~1.EXE - (ArcSoft, Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: AdVantage Setup - hkey= - key= - File not found MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - File not found MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) MsConfig - StartUpReg: fssui - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Lola\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: MBBalloon - hkey= - key= - File not found MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - File not found MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: Symantec PIF AlertEng - hkey= - key= - File not found MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.24 22:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.01.24 22:16:56 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2012.01.22 22:08:29 | 000,100,864 | ---- | C] (GMER) -- C:\kxldapow.sys [2012.01.11 17:03:04 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.01.11 17:03:00 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.01.11 17:02:58 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.01.11 17:02:04 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.01.11 17:02:04 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.01.04 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\Lola\AppData\Roaming\pdfforge [2012.01.04 17:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.01.04 17:27:54 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2012.01.04 17:27:51 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL [2012.01.04 17:27:51 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL [2012.01.04 17:27:51 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL [2012.01.04 17:27:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL [2012.01.04 17:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.01.04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [1 C:\Users\Lola\AppData\Roaming\*.tmp files -> C:\Users\Lola\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.25 16:59:14 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.25 16:59:14 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.25 16:59:14 | 000,128,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.25 16:59:14 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.25 16:54:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.25 16:54:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.25 16:54:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.25 16:54:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.25 16:54:03 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2012.01.25 16:52:21 | 000,002,631 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Word 2007.lnk [2012.01.25 05:53:10 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000UA.job [2012.01.25 05:39:41 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.24 22:48:36 | 000,001,808 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Security Essentials.lnk [2012.01.24 22:40:23 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.01.23 19:53:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000Core.job [2012.01.22 22:15:44 | 000,002,032 | ---- | M] () -- C:\Users\Lola\AppData\Local\d3d9caps.dat [2012.01.22 22:12:24 | 131,775,807 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.01.22 22:08:29 | 000,100,864 | ---- | M] (GMER) -- C:\kxldapow.sys [2012.01.22 21:25:35 | 000,000,000 | ---- | M] () -- C:\Users\Lola\defogger_reenable [2012.01.22 17:12:42 | 000,000,000 | ---- | M] () -- C:\Users\Lola\AppData\Local\{2DC0DC1F-7795-48EB-951D-D3D8B60F1C81} [2012.01.22 17:06:16 | 000,000,000 | ---- | M] () -- C:\Users\Lola\AppData\Local\{AB681BC9-38AD-40E0-A129-E51516C14CF8} [2012.01.20 09:09:56 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.20 09:04:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.01.20 09:04:16 | 000,155,136 | ---- | M] () -- C:\Users\Lola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.17 20:53:04 | 000,002,735 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Outlook 2007.lnk [2012.01.17 20:37:06 | 000,225,123 | ---- | M] () -- C:\Users\Lola\Documents\Flug Melbourne.xps [2012.01.15 15:15:18 | 000,000,098 | ---- | M] () -- C:\Windows\WirelessFTP.INI [2012.01.07 11:55:13 | 000,002,037 | ---- | M] () -- C:\Users\Lola\Desktop\Google Chrome.lnk [2012.01.04 17:18:22 | 000,001,899 | ---- | M] () -- C:\Users\Lola\Desktop\Netzwerk.lnk [2012.01.04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [1 C:\Users\Lola\AppData\Roaming\*.tmp files -> C:\Users\Lola\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.25 16:54:03 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys [2012.01.24 22:48:36 | 000,001,808 | ---- | C] () -- C:\Users\Lola\Desktop\Microsoft Security Essentials.lnk [2012.01.24 22:28:29 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.01.24 22:18:10 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.01.22 22:05:50 | 131,775,807 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.01.22 21:25:35 | 000,000,000 | ---- | C] () -- C:\Users\Lola\defogger_reenable [2012.01.22 17:12:42 | 000,000,000 | ---- | C] () -- C:\Users\Lola\AppData\Local\{2DC0DC1F-7795-48EB-951D-D3D8B60F1C81} [2012.01.22 17:06:16 | 000,000,000 | ---- | C] () -- C:\Users\Lola\AppData\Local\{AB681BC9-38AD-40E0-A129-E51516C14CF8} [2012.01.17 20:37:02 | 000,225,123 | ---- | C] () -- C:\Users\Lola\Documents\Flug Melbourne.xps [2012.01.04 17:27:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.01.04 17:15:10 | 000,001,899 | ---- | C] () -- C:\Users\Lola\Desktop\Netzwerk.lnk [2011.12.03 19:47:04 | 000,000,036 | ---- | C] () -- C:\Users\Lola\AppData\Roaming\blckdom.res [2011.05.02 18:14:53 | 000,000,061 | ---- | C] () -- C:\Windows\dcmvwr.INI [2011.03.16 15:10:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.03.16 15:10:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.03.16 15:10:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.03.16 15:10:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.03.16 15:10:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.29 10:13:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.01.26 16:45:18 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.01.26 16:45:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.01.26 16:41:00 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2010.11.03 08:59:57 | 000,171,288 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010.10.02 09:39:18 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2010.10.02 09:39:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.10.02 09:39:17 | 000,000,335 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010.10.02 09:38:18 | 000,032,768 | ---- | C] () -- C:\Windows\System32\osclpthread.dll [2010.06.14 17:30:52 | 000,003,766 | ---- | C] () -- C:\Windows\scad3.INI [2009.12.21 16:43:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.12.21 16:43:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.10.17 15:51:17 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI [2009.10.05 11:02:43 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll [2009.10.05 11:02:43 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.05.12 10:38:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.12.04 00:30:10 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI [2008.12.02 12:57:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008.11.25 18:16:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.11.25 10:36:43 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.11.25 10:36:27 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.11.18 11:00:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.10.16 20:16:44 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2008.10.13 15:48:59 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.10.13 15:48:59 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.10.13 15:48:59 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.10.13 15:48:59 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat [2008.03.09 15:01:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.01.02 21:38:23 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008.01.02 21:33:14 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL [2007.12.31 13:34:35 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2007.12.30 18:38:28 | 004,590,949 | ---- | C] () -- C:\Users\Lola\AppData\Roaming\UserTile.png [2007.12.28 21:31:27 | 000,155,136 | ---- | C] () -- C:\Users\Lola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.28 21:31:25 | 000,002,032 | ---- | C] () -- C:\Users\Lola\AppData\Local\d3d9caps.dat [2007.09.08 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007.08.13 23:00:50 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.13 23:00:50 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.08.13 23:00:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll [2007.08.13 23:00:49 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.08.13 23:00:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.08.13 23:00:48 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.08.13 13:46:45 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat [2007.08.13 04:25:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 16:33:31 | 000,634,352 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,128,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,454,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,601,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,105,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2005.04.28 05:22:34 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2005.04.28 05:22:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000081.DLL [1999.04.29 22:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010.02.20 12:36:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\CoSoSys [2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools [2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools Lite [2011.07.21 16:44:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoft [2011.07.21 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.28 10:38:36 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Facebook [2011.03.21 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Foxit [2011.09.24 09:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\GoPal Assistant [2011.06.11 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ICQ [2008.01.02 21:38:54 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ICQ Toolbar [2008.09.05 13:20:40 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\InterVideo [2011.12.03 19:46:57 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\kock [2009.01.29 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Leadertech [2009.10.05 11:02:33 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\LG Electronics [2008.11.25 10:40:07 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\MAGIX [2012.01.04 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\pdfforge [2011.10.15 09:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\SmartDraw [2009.08.05 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Snapfish [2011.12.06 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Synaptics [2007.12.29 13:37:26 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\temp [2011.12.17 10:07:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Thunderbird [2011.12.03 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\UAs [2008.10.10 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Ulead Systems [2011.12.03 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\xmldm [2012.01.25 06:21:15 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2007.12.28 21:32:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.06.19 12:19:49 | 000,000,000 | -H-D | M] -- C:\BJPrinter [2009.12.22 21:36:32 | 000,000,000 | -HSD | M] -- C:\Boot [2007.09.08 02:23:26 | 000,000,000 | ---D | M] -- C:\Documentation [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.08.13 13:08:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.11.09 23:04:10 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2007.09.08 01:56:14 | 000,000,000 | -H-D | M] -- C:\InstantON [2009.12.23 10:31:00 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.01.24 22:50:39 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.24 22:12:48 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.08.13 13:08:31 | 000,000,000 | -HSD | M] -- C:\Programme [2012.01.25 17:04:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.10 15:30:16 | 000,000,000 | ---D | M] -- C:\Update [2008.07.12 22:33:29 | 000,000,000 | R--D | M] -- C:\Users [2007.09.08 02:33:46 | 000,000,000 | -H-D | M] -- C:\WAUUPGRD [2012.01.25 06:17:56 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys [2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys [2006.11.02 09:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys [2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys [2008.01.19 06:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys [2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys [2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.01.02 11:16:38 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.01.02 11:16:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-23 15:17:19 < > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB10488$] -> Error: Cannot create file handle -> Unknown point type < End of report > PS: Ich musste meinen Beitrag trennen, denn bei der anzahl an logfiles hat sich mein FF aufgehangen. |
|
26.01.2012, 17:00
| #5 |
| | mbam Trojaner gefundenCode:
ATTFilter 21:14:05.0692 1368 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
21:14:05.0894 1368 ============================================================
21:14:05.0894 1368 Current date / time: 2012/01/22 21:14:05.0894
21:14:05.0910 1368 SystemInfo:
21:14:05.0910 1368
21:14:05.0910 1368 OS Version: 6.0.6002 ServicePack: 2.0
21:14:05.0910 1368 Product type: Workstation
21:14:05.0910 1368 ComputerName: LOLA-PC
21:14:05.0910 1368 UserName: Lola
21:14:05.0910 1368 Windows directory: C:\Windows
21:14:05.0910 1368 System windows directory: C:\Windows
21:14:05.0910 1368 Processor architecture: Intel x86
21:14:05.0910 1368 Number of processors: 2
21:14:05.0910 1368 Page size: 0x1000
21:14:05.0910 1368 Boot type: Safe boot with network
21:14:05.0910 1368 ============================================================
21:14:09.0170 1368 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:14:09.0311 1368 Initialize success
21:14:11.0854 1356 ============================================================
21:14:11.0854 1356 Scan started
21:14:11.0854 1356 Mode: Manual;
21:14:11.0854 1356 ============================================================
21:14:16.0393 1356 a2acc (0436fbabd7e897eda44a511f60a59b37) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
21:14:16.0424 1356 a2acc - ok
21:14:16.0487 1356 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
21:14:16.0502 1356 A2DDA - ok
21:14:17.0048 1356 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:14:17.0189 1356 ACPI - ok
21:14:17.0844 1356 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:14:17.0984 1356 adp94xx - ok
21:14:18.0530 1356 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:14:18.0608 1356 adpahci - ok
21:14:19.0014 1356 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:14:19.0045 1356 adpu160m - ok
21:14:19.0498 1356 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:14:19.0560 1356 adpu320 - ok
21:14:20.0480 1356 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:14:20.0886 1356 AFD - ok
21:14:21.0526 1356 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:14:21.0557 1356 agp440 - ok
21:14:22.0087 1356 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:14:22.0165 1356 aic78xx - ok
21:14:22.0649 1356 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:14:22.0680 1356 aliide - ok
21:14:23.0117 1356 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:14:23.0132 1356 amdagp - ok
21:14:23.0756 1356 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:14:23.0756 1356 amdide - ok
21:14:24.0162 1356 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:14:24.0162 1356 AmdK7 - ok
21:14:24.0739 1356 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:14:24.0786 1356 AmdK8 - ok
21:14:25.0566 1356 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:14:25.0613 1356 arc - ok
21:14:26.0393 1356 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:14:26.0424 1356 arcsas - ok
21:14:27.0110 1356 ArcSoftKsUFilter (cf3a922857b052c3f073b72c905e4c89) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
21:14:27.0126 1356 ArcSoftKsUFilter - ok
21:14:27.0688 1356 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:14:27.0750 1356 AsyncMac - ok
21:14:28.0265 1356 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:14:28.0265 1356 atapi - ok
21:14:29.0201 1356 atikmdag (0be6ed329aa8ef85ebb890d336071e7c) C:\Windows\system32\DRIVERS\atikmdag.sys
21:14:30.0402 1356 atikmdag - ok
21:14:30.0698 1356 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
21:14:30.0823 1356 avgio - ok
21:14:31.0400 1356 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
21:14:31.0447 1356 avgntflt - ok
21:14:31.0915 1356 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
21:14:31.0962 1356 avipbb - ok
21:14:32.0617 1356 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:14:32.0664 1356 Beep - ok
21:14:33.0132 1356 blbdrive - ok
21:14:33.0974 1356 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:14:34.0021 1356 bowser - ok
21:14:34.0723 1356 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:14:34.0754 1356 BrFiltLo - ok
21:14:35.0238 1356 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:14:35.0254 1356 BrFiltUp - ok
21:14:35.0737 1356 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:14:35.0768 1356 Brserid - ok
21:14:36.0158 1356 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:14:36.0190 1356 BrSerWdm - ok
21:14:36.0751 1356 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:14:36.0814 1356 BrUsbMdm - ok
21:14:37.0266 1356 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:14:37.0282 1356 BrUsbSer - ok
21:14:37.0843 1356 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:14:37.0874 1356 BTHMODEM - ok
21:14:38.0358 1356 catchme - ok
21:14:38.0826 1356 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:14:38.0842 1356 cdfs - ok
21:14:39.0200 1356 cdrom - ok
21:14:39.0653 1356 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:14:39.0684 1356 circlass - ok
21:14:40.0214 1356 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:14:40.0417 1356 CLFS - ok
21:14:41.0182 1356 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:14:41.0213 1356 CmBatt - ok
21:14:41.0650 1356 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:14:41.0681 1356 cmdide - ok
21:14:42.0305 1356 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:14:42.0336 1356 Compbatt - ok
21:14:42.0882 1356 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:14:42.0898 1356 crcdisk - ok
21:14:43.0194 1356 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:14:43.0225 1356 Crusoe - ok
21:14:43.0787 1356 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:14:43.0849 1356 DfsC - ok
21:14:44.0645 1356 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:14:44.0676 1356 disk - ok
21:14:45.0472 1356 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
21:14:45.0472 1356 DMICall - ok
21:14:45.0846 1356 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:14:45.0862 1356 drmkaud - ok
21:14:46.0517 1356 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:14:46.0876 1356 DXGKrnl - ok
21:14:47.0578 1356 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:14:47.0687 1356 E1G60 - ok
21:14:48.0170 1356 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:14:48.0264 1356 Ecache - ok
21:14:48.0888 1356 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:14:49.0153 1356 elxstor - ok
21:14:49.0730 1356 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:14:49.0793 1356 exfat - ok
21:14:50.0339 1356 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:14:50.0464 1356 fastfat - ok
21:14:50.0885 1356 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:14:50.0932 1356 fdc - ok
21:14:51.0368 1356 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:14:51.0400 1356 FileInfo - ok
21:14:51.0961 1356 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:14:51.0977 1356 Filetrace - ok
21:14:52.0523 1356 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:14:52.0570 1356 flpydisk - ok
21:14:53.0162 1356 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:14:53.0194 1356 FltMgr - ok
21:14:53.0833 1356 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:14:53.0849 1356 Fs_Rec - ok
21:14:54.0348 1356 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:14:54.0395 1356 gagp30kx - ok
21:14:54.0910 1356 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:14:54.0925 1356 GEARAspiWDM - ok
21:14:55.0705 1356 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:14:55.0814 1356 HdAudAddService - ok
21:14:56.0516 1356 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:14:57.0156 1356 HDAudBus - ok
21:14:57.0640 1356 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:14:57.0655 1356 HidBth - ok
21:14:58.0201 1356 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:14:58.0264 1356 HidIr - ok
21:14:58.0685 1356 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:14:58.0732 1356 HidUsb - ok
21:14:59.0231 1356 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:14:59.0262 1356 HpCISSs - ok
21:15:00.0260 1356 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:15:00.0432 1356 HSFHWAZL - ok
21:15:01.0477 1356 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:15:01.0852 1356 HSF_DPV - ok
21:15:02.0366 1356 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:15:02.0522 1356 HSXHWAZL - ok
21:15:03.0037 1356 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:15:03.0349 1356 HTTP - ok
21:15:04.0051 1356 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:15:04.0082 1356 i2omp - ok
21:15:04.0784 1356 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:15:04.0816 1356 i8042prt - ok
21:15:05.0377 1356 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:15:05.0502 1356 iaStorV - ok
21:15:06.0594 1356 igfx (1b954f2bcb244596da704dc8c7729930) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:15:07.0608 1356 igfx - ok
21:15:08.0185 1356 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:15:08.0201 1356 iirsp - ok
21:15:09.0355 1356 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
21:15:10.0010 1356 IntcAzAudAddService - ok
21:15:10.0650 1356 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:15:10.0697 1356 intelide - ok
21:15:11.0258 1356 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:15:11.0290 1356 intelppm - ok
21:15:11.0804 1356 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:15:11.0820 1356 IpFilterDriver - ok
21:15:12.0163 1356 IpInIp - ok
21:15:12.0413 1356 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:15:12.0475 1356 IPMIDRV - ok
21:15:12.0943 1356 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:15:12.0990 1356 IPNAT - ok
21:15:13.0505 1356 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:15:13.0505 1356 IRENUM - ok
21:15:14.0004 1356 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:15:14.0066 1356 isapnp - ok
21:15:14.0800 1356 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:15:14.0815 1356 iScsiPrt - ok
21:15:15.0486 1356 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:15:15.0502 1356 iteatapi - ok
21:15:16.0016 1356 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:15:16.0032 1356 iteraid - ok
21:15:16.0562 1356 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys
21:15:16.0578 1356 k750bus - ok
21:15:17.0171 1356 k750mdfl (f44521f63c0c00364fa3d59db980de6a) C:\Windows\system32\DRIVERS\k750mdfl.sys
21:15:17.0233 1356 k750mdfl - ok
21:15:17.0608 1356 k750mdm (e93323c3ed5e8923a177740a973c27b2) C:\Windows\system32\DRIVERS\k750mdm.sys
21:15:17.0670 1356 k750mdm - ok
21:15:18.0122 1356 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:15:18.0122 1356 kbdclass - ok
21:15:18.0590 1356 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
21:15:18.0622 1356 kbdhid - ok
21:15:19.0246 1356 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:15:19.0495 1356 KSecDD - ok
21:15:20.0010 1356 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:15:20.0057 1356 lltdio - ok
21:15:20.0447 1356 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:15:20.0478 1356 LSI_FC - ok
21:15:20.0899 1356 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:15:20.0930 1356 LSI_SAS - ok
21:15:21.0539 1356 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:15:21.0570 1356 LSI_SCSI - ok
21:15:22.0038 1356 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:15:22.0069 1356 luafv - ok
21:15:22.0537 1356 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:15:22.0584 1356 mdmxsdk - ok
21:15:23.0068 1356 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:15:23.0130 1356 megasas - ok
21:15:23.0723 1356 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:15:23.0738 1356 Modem - ok
21:15:24.0160 1356 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:15:24.0222 1356 monitor - ok
21:15:24.0737 1356 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:15:24.0737 1356 mouclass - ok
21:15:25.0205 1356 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:15:25.0220 1356 mouhid - ok
21:15:25.0876 1356 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:15:25.0922 1356 MountMgr - ok
21:15:26.0531 1356 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:15:26.0578 1356 mpio - ok
21:15:26.0983 1356 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:15:27.0014 1356 mpsdrv - ok
21:15:27.0560 1356 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:15:27.0607 1356 Mraid35x - ok
21:15:28.0044 1356 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:15:28.0122 1356 MRxDAV - ok
21:15:28.0621 1356 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:15:28.0621 1356 mrxsmb - ok
21:15:29.0370 1356 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:15:29.0432 1356 mrxsmb10 - ok
21:15:29.0885 1356 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:15:29.0916 1356 mrxsmb20 - ok
21:15:30.0571 1356 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
21:15:30.0618 1356 msahci - ok
21:15:31.0086 1356 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:15:31.0117 1356 msdsm - ok
21:15:31.0538 1356 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:15:31.0554 1356 Msfs - ok
21:15:32.0162 1356 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:15:32.0209 1356 msisadrv - ok
21:15:32.0662 1356 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:15:32.0677 1356 MSKSSRV - ok
21:15:33.0192 1356 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:15:33.0208 1356 MSPCLOCK - ok
21:15:33.0722 1356 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:15:33.0738 1356 MSPQM - ok
21:15:34.0268 1356 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:15:34.0315 1356 MsRPC - ok
21:15:34.0846 1356 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:15:34.0846 1356 mssmbios - ok
21:15:35.0282 1356 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:15:35.0314 1356 MSTEE - ok
21:15:35.0828 1356 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:15:35.0844 1356 Mup - ok
21:15:36.0343 1356 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:15:36.0468 1356 NativeWifiP - ok
21:15:37.0264 1356 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:15:37.0513 1356 NDIS - ok
21:15:37.0825 1356 NDISKIO - ok
21:15:38.0449 1356 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:15:38.0449 1356 NdisTapi - ok
21:15:39.0058 1356 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:15:39.0104 1356 Ndisuio - ok
21:15:39.0619 1356 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:15:39.0682 1356 NdisWan - ok
21:15:40.0134 1356 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:15:40.0165 1356 NDProxy - ok
21:15:40.0742 1356 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:15:40.0758 1356 NetBIOS - ok
21:15:41.0101 1356 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:15:41.0195 1356 netbt - ok
21:15:42.0131 1356 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
21:15:43.0535 1356 NETw4v32 - ok
21:15:44.0221 1356 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:15:44.0284 1356 nfrd960 - ok
21:15:44.0986 1356 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:15:45.0001 1356 Npfs - ok
21:15:45.0360 1356 nsak_8800D5EA (e8edf3a7809da6169cc68b909b523fc9) C:\Users\Lola\AppData\Local\Temp\00000f99.nmc\nse\bin\nsak.sys
21:15:45.0454 1356 nsak_8800D5EA - ok
21:15:46.0062 1356 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:15:46.0062 1356 nsiproxy - ok
21:15:46.0733 1356 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:15:47.0372 1356 Ntfs - ok
21:15:47.0981 1356 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:15:48.0012 1356 ntrigdigi - ok
21:15:48.0496 1356 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:15:48.0527 1356 Null - ok
21:15:49.0151 1356 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:15:49.0229 1356 nvraid - ok
21:15:49.0837 1356 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:15:49.0993 1356 nvstor - ok
21:15:50.0430 1356 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:15:50.0508 1356 nv_agp - ok
21:15:50.0820 1356 NwlnkFlt - ok
21:15:51.0101 1356 NwlnkFwd - ok
21:15:51.0694 1356 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:15:51.0694 1356 ohci1394 - ok
21:15:52.0224 1356 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:15:52.0302 1356 Parport - ok
21:15:52.0848 1356 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:15:52.0926 1356 partmgr - ok
21:15:53.0456 1356 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:15:53.0472 1356 Parvdm - ok
21:15:53.0987 1356 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:15:54.0049 1356 pci - ok
21:15:54.0564 1356 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
21:15:54.0580 1356 pciide - ok
21:15:55.0141 1356 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
21:15:55.0219 1356 pcmcia - ok
21:15:55.0921 1356 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:15:56.0374 1356 PEAUTH - ok
21:15:56.0888 1356 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:15:56.0904 1356 PptpMiniport - ok
21:15:57.0372 1356 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:15:57.0403 1356 Processor - ok
21:15:57.0918 1356 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:15:57.0934 1356 PSched - ok
21:15:58.0370 1356 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
21:15:58.0386 1356 PxHelp20 - ok
21:15:59.0104 1356 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:15:59.0650 1356 ql2300 - ok
21:16:00.0118 1356 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:16:00.0180 1356 ql40xx - ok
21:16:00.0648 1356 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:16:00.0679 1356 QWAVEdrv - ok
21:16:01.0256 1356 R5U870FLx86 (9c9d24115f13af3aea05e1343a032bb1) C:\Windows\system32\Drivers\R5U870FLx86.sys
21:16:01.0319 1356 R5U870FLx86 - ok
21:16:01.0912 1356 R5U870FUx86 (18b4c879647661de37b49c2e48d65820) C:\Windows\system32\Drivers\R5U870FUx86.sys
21:16:01.0927 1356 R5U870FUx86 - ok
21:16:02.0302 1356 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:16:02.0317 1356 RasAcd - ok
21:16:02.0770 1356 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:16:02.0801 1356 Rasl2tp - ok
21:16:03.0409 1356 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:16:03.0440 1356 RasPppoe - ok
21:16:03.0986 1356 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:16:04.0018 1356 RasSstp - ok
21:16:04.0657 1356 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:16:04.0751 1356 rdbss - ok
21:16:05.0250 1356 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:16:05.0266 1356 RDPCDD - ok
21:16:05.0812 1356 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:16:05.0858 1356 rdpdr - ok
21:16:06.0295 1356 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:16:06.0311 1356 RDPENCDD - ok
21:16:06.0841 1356 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:16:06.0872 1356 RDPWD - ok
21:16:07.0465 1356 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
21:16:07.0481 1356 regi - ok
21:16:08.0058 1356 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
21:16:08.0058 1356 ROOTMODEM - ok
21:16:08.0526 1356 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:16:08.0557 1356 rspndr - ok
21:16:09.0103 1356 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:16:09.0103 1356 RTL8169 - ok
21:16:09.0306 1356 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:16:09.0322 1356 SASDIFSV - ok
21:16:09.0384 1356 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:16:09.0400 1356 SASKUTIL - ok
21:16:09.0899 1356 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:16:09.0961 1356 sbp2port - ok
21:16:10.0601 1356 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:16:10.0616 1356 secdrv - ok
21:16:11.0069 1356 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:16:11.0100 1356 Serenum - ok
21:16:11.0474 1356 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:16:11.0506 1356 Serial - ok
21:16:11.0911 1356 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:16:11.0942 1356 sermouse - ok
21:16:12.0488 1356 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
21:16:12.0504 1356 sffdisk - ok
21:16:12.0956 1356 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
21:16:12.0988 1356 sffp_mmc - ok
21:16:13.0534 1356 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
21:16:13.0549 1356 sffp_sd - ok
21:16:14.0111 1356 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
21:16:14.0111 1356 sfloppy - ok
21:16:14.0563 1356 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:16:14.0641 1356 sisagp - ok
21:16:15.0016 1356 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:16:15.0047 1356 SiSRaid2 - ok
21:16:15.0562 1356 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:16:15.0608 1356 SiSRaid4 - ok
21:16:16.0123 1356 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:16:16.0139 1356 Smb - ok
21:16:16.0591 1356 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
21:16:16.0607 1356 SNC - ok
21:16:17.0137 1356 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:16:17.0153 1356 spldr - ok
21:16:17.0574 1356 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:16:17.0777 1356 srv - ok
21:16:18.0307 1356 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:16:18.0401 1356 srv2 - ok
21:16:18.0775 1356 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:16:18.0838 1356 srvnet - ok
21:16:19.0399 1356 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:16:19.0462 1356 ssmdrv - ok
21:16:20.0086 1356 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:16:20.0086 1356 swenum - ok
21:16:20.0366 1356 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:16:20.0366 1356 Symc8xx - ok
21:16:20.0741 1356 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:16:20.0803 1356 Sym_hi - ok
21:16:21.0271 1356 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:16:21.0287 1356 Sym_u3 - ok
21:16:22.0145 1356 SynTP (2185cc5be9922562108cf87f42e4bbaf) C:\Windows\system32\DRIVERS\SynTP.sys
21:16:22.0145 1356 SynTP - ok
21:16:22.0972 1356 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:16:23.0315 1356 Tcpip - ok
21:16:24.0001 1356 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:16:24.0001 1356 Tcpip6 - ok
21:16:24.0547 1356 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:16:24.0563 1356 tcpipreg - ok
21:16:25.0078 1356 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
21:16:25.0124 1356 TcUsb - ok
21:16:25.0639 1356 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:16:25.0670 1356 TDPIPE - ok
21:16:26.0216 1356 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:16:26.0232 1356 TDTCP - ok
21:16:26.0497 1356 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:16:26.0513 1356 tdx - ok
21:16:26.0981 1356 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:16:26.0981 1356 TermDD - ok
21:16:27.0574 1356 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys
21:16:28.0120 1356 ti21sony - ok
21:16:28.0744 1356 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys
21:16:28.0790 1356 tosporte - ok
21:16:29.0399 1356 tosrfbd (8c3bfaf3fca90502e6fa35503b8e979e) C:\Windows\system32\DRIVERS\tosrfbd.sys
21:16:29.0446 1356 tosrfbd - ok
21:16:29.0976 1356 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys
21:16:30.0054 1356 tosrfbnp - ok
21:16:30.0647 1356 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys
21:16:30.0662 1356 Tosrfcom - ok
21:16:31.0099 1356 Tosrfhid (7c807ba9660e2995cc0217a14a24094c) C:\Windows\system32\DRIVERS\Tosrfhid.sys
21:16:31.0146 1356 Tosrfhid - ok
21:16:31.0692 1356 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
21:16:31.0754 1356 tosrfnds - ok
21:16:32.0207 1356 tosrfusb (ac59b465500e660607ba393587e0e3a1) C:\Windows\system32\DRIVERS\tosrfusb.sys
21:16:32.0222 1356 tosrfusb - ok
21:16:32.0612 1356 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:16:32.0675 1356 tssecsrv - ok
21:16:33.0252 1356 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:16:33.0268 1356 tunmp - ok
21:16:33.0845 1356 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:16:33.0860 1356 tunnel - ok
21:16:34.0406 1356 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:16:34.0438 1356 uagp35 - ok
21:16:35.0030 1356 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:16:35.0233 1356 udfs - ok
21:16:35.0748 1356 UIUSys - ok
21:16:36.0185 1356 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
21:16:36.0216 1356 uliagpkx - ok
21:16:36.0934 1356 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:16:37.0121 1356 uliahci - ok
21:16:37.0651 1356 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:16:37.0682 1356 UlSata - ok
21:16:38.0166 1356 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:16:38.0197 1356 ulsata2 - ok
21:16:38.0774 1356 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:16:38.0790 1356 umbus - ok
21:16:39.0055 1356 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
21:16:39.0071 1356 UnlockerDriver5 - ok
21:16:39.0601 1356 USBAAPL - ok
21:16:40.0147 1356 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
21:16:40.0194 1356 usbbus - ok
21:16:40.0771 1356 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:16:40.0802 1356 usbccgp - ok
21:16:41.0348 1356 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:16:41.0520 1356 usbcir - ok
21:16:42.0035 1356 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
21:16:42.0050 1356 UsbDiag - ok
21:16:42.0456 1356 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:16:42.0472 1356 usbehci - ok
21:16:42.0924 1356 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:16:42.0971 1356 usbhub - ok
21:16:43.0486 1356 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
21:16:43.0564 1356 USBModem - ok
21:16:44.0063 1356 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:16:44.0125 1356 usbohci - ok
21:16:44.0624 1356 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:16:44.0687 1356 usbprint - ok
21:16:45.0233 1356 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:16:45.0233 1356 usbscan - ok
21:16:45.0685 1356 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:16:45.0716 1356 USBSTOR - ok
21:16:46.0169 1356 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:16:46.0184 1356 usbuhci - ok
21:16:46.0808 1356 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:16:46.0933 1356 usbvideo - ok
21:16:47.0510 1356 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
21:16:47.0542 1356 vga - ok
21:16:48.0041 1356 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:16:48.0056 1356 VgaSave - ok
21:16:48.0634 1356 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
21:16:48.0758 1356 viaagp - ok
21:16:49.0148 1356 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:16:49.0180 1356 ViaC7 - ok
21:16:49.0663 1356 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
21:16:49.0710 1356 viaide - ok
21:16:50.0365 1356 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:16:50.0365 1356 volmgr - ok
21:16:51.0161 1356 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:16:51.0270 1356 volmgrx - ok
21:16:51.0910 1356 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:16:52.0144 1356 volsnap - ok
21:16:52.0752 1356 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:16:52.0799 1356 vsmraid - ok
21:16:53.0454 1356 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:16:53.0470 1356 WacomPen - ok
21:16:53.0938 1356 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:16:53.0984 1356 Wanarp - ok
21:16:54.0031 1356 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:16:54.0031 1356 Wanarpv6 - ok
21:16:54.0998 1356 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:16:54.0998 1356 Wd - ok
21:16:55.0622 1356 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:16:55.0903 1356 Wdf01000 - ok
21:16:56.0543 1356 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
21:16:56.0621 1356 WimFltr - ok
21:16:57.0541 1356 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:16:57.0916 1356 winachsf - ok
21:16:58.0493 1356 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
21:16:58.0493 1356 winusb - ok
21:16:59.0070 1356 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
21:16:59.0101 1356 WmiAcpi - ok
21:16:59.0600 1356 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:16:59.0647 1356 WpdUsb - ok
21:17:00.0302 1356 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:17:00.0318 1356 ws2ifsl - ok
21:17:00.0958 1356 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:17:01.0036 1356 WUDFRd - ok
21:17:01.0613 1356 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
21:17:01.0644 1356 XAudio - ok
21:17:01.0831 1356 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:17:01.0956 1356 \Device\Harddisk0\DR0 - ok
21:17:01.0972 1356 Boot (0x1200) (04cf647f9342462866eee28b728df2ab) \Device\Harddisk0\DR0\Partition0
21:17:02.0003 1356 \Device\Harddisk0\DR0\Partition0 - ok
21:17:02.0003 1356 ============================================================
21:17:02.0003 1356 Scan finished
21:17:02.0003 1356 ============================================================
21:17:02.0003 0500 Detected object count: 0
21:17:02.0003 0500 Actual detected object count: 0
21:17:09.0148 1512 Deinitialize success
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.0
Letztes Update: 23.01.2012 22:07:56
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 23.01.2012 22:13:29
C:\Users\Lola\AppData\Roaming\Thunderbird\Profiles\mo4taaw4.default\ImapMail\imap.web.de\Entwurf -> ????king.zip gefunden: Trojan.Win32.Oficla!E2
C:\Users\Lola\AppData\Roaming\Thunderbird\Profiles\mo4taaw4.default\ImapMail\imap.web.de\Entwurf -> unnamed -> FedEx.exe gefunden: Trojan.Win32.Oficla!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7d4a5e32-1cb453bd -> report\FWriter.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7d4a5e32-1cb453bd -> report\Generator.class gefunden: Exploit.Java.CVE-2010-0840!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7d4a5e32-1cb453bd -> report\HDDDetect.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7d4a5e32-1cb453bd -> report\GPanel.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7d4a5e32-1cb453bd -> report\SmartyPointer.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\13459aa5-2a79317a -> shalun\chugun.class gefunden: JAVA.Small!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\13459aa5-2a79317a -> shalun\monter.class gefunden: JAVA.Small!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\13459aa5-2a79317a -> shalun\kipoltyrew.class gefunden: JAVA.Small!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\13459aa5-2a79317a -> shalun\nterhoop.class gefunden: Exploit.Java.Agent!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\13459aa5-2a79317a -> shalun\pinoche.class gefunden: Trojan-Downloader.Java.Agent!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\71896314-5d0d8c22 -> v1.class gefunden: Exploit.Java.CVE-2011!E2
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
Gescannt 633899
Gefunden 14
Scan Ende: 24.01.2012 04:23:01
Scan Zeit: 6:09:32
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Gelöscht Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\71896314-5d0d8c22 -> v1.class Gelöscht Exploit.Java.CVE-2011!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\13459aa5-2a79317a -> shalun\pinoche.class Gelöscht Trojan-Downloader.Java.Agent!E2
C:\Users\Lola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7d4a5e32-1cb453bd -> report\Generator.class Gelöscht Exploit.Java.CVE-2010-0840!E2
C:\Users\Lola\AppData\Roaming\Thunderbird\Profiles\mo4taaw4.default\ImapMail\imap.web.de\Entwurf -> ????king.zip Gelöscht Trojan.Win32.Oficla!E2
Gelöscht 5
|
|
26.01.2012, 17:17
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mbam Trojaner gefunden Und das Log von AntiVir ist wo?
__________________ --> mbam Trojaner gefunden |
|
26.01.2012, 17:23
| #8 |
| | mbam Trojaner gefunden von antivir habe ich kein logfile, da ich damit gar nicht gescannt habe. es hat nur während ich gesurft habe, angezeigt das 2 trojaner gefunden wurden und gescannt habe ich dann mit den ganzen anderen programmen. und in zwischen hab ich es auch deinstalliert, da ich gelesen habe das MSE besser sein soll! |
|
26.01.2012, 18:46
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mbam Trojaner gefunden Dann isses so. Emsisoft Anti-Malware - Version 6.0 bitte deinstallieren. Führe im Anschluss ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.01.2012, 18:31
| #10 |
| | mbam Trojaner gefundenCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=41452d6434bf6744b483f09853f25e9b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-27 05:27:14
# local_time=2012-01-27 06:27:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 66 100 606146 165210581 0 0
# compatibility_mode=8192 67108863 100 0 3710 3710 0 0
# scanned=206734
# found=2
# cleaned=0
# scan_time=7380
C:\Users\Lola\André\Download\PDFCreator-1_2_3_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Lola\André\Download\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
|
|
29.01.2012, 17:55
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mbam Trojaner gefunden Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.01.2012, 19:45
| #12 |
| | mbam Trojaner gefunden hier der geforderte logfile Code:
ATTFilter OTL logfile created on: 29.01.2012 19:20:29 - Run 7 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lola\Desktop\André\SystemSicherheit\TrojanerBoard Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 59,02% Memory free 4,21 Gb Paging File | 3,37 Gb Available in Paging File | 80,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 140,11 Gb Total Space | 15,32 Gb Free Space | 10,93% Space Free | Partition Type: NTFS Computer Name: LOLA-PC | User Name: Lola | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.22 21:23:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lola\Desktop\André\SystemSicherheit\TrojanerBoard\OTL.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.04.04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2007.07.24 18:26:38 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe PRC - [2007.07.24 18:26:38 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.06.15 11:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe PRC - [2007.06.14 07:40:46 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe PRC - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe ========== Modules (No Company Name) ========== MOD - [2007.06.30 02:07:56 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2008.04.04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.07.24 18:26:38 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.07.05 18:12:52 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) SRV - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.11.11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.11.11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.11.11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007.07.07 01:10:36 | 002,591,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.06.30 12:04:34 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.06.27 18:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.06.16 01:17:13 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.05.30 19:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2007.04.24 18:36:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb) DRV - [2007.04.24 12:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007.04.20 01:01:10 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86) DRV - [2007.04.20 01:01:10 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86) DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.03.01 15:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007.02.13 18:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.11.20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006.11.06 09:29:32 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC) DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.02.11 10:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm) DRV - [2005.02.11 10:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2005.02.11 10:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 55 40 99 EF B1 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.groupon.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lola\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lola\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lola\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.03.09 15:01:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.11 16:42:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.02 20:22:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 14:42:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A89AED22-9133-424c-88E7-C8235C5FF302}: C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\ [2009.06.19 19:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Extensions [2012.01.27 20:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions [2012.01.09 17:47:12 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.07.16 12:30:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.09 17:46:59 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.04.01 09:48:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\engine@conduit.com [2010.07.27 20:14:08 | 000,000,873 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\conduit.xml [2009.02.02 09:53:50 | 000,001,632 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\live-search.xml [2010.11.03 18:30:51 | 000,002,057 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\youtube-videosuche.xml [2012.01.26 18:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.01.26 18:09:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} () (No name found) -- C:\USERS\LOLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVDNM9G2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.01.02 20:22:26 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.01.26 18:08:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.21 11:08:41 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012.01.02 20:22:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.02 20:22:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.02 20:22:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.02 20:22:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.02 20:22:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.02 20:22:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: ICQ Search (Enabled) CHR - default_search_provider: search_url = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd CHR - default_search_provider: suggest_url = Hosts file not found O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090921024610 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1225017435 (Image Uploader Control) O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} hxxp://www3.snapfish.de/SnapfishActivia2.cab (Snapfish Activia2) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33FE9BC3-FC54-4248-B154-2B975A9721AA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8D3B9EF-A0AB-41E2-979F-2C01C0F80089}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO CR Wallpaper Pink 1280x800.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO CR Wallpaper Pink 1280x800.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe - (TOSHIBA CORPORATION.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk - C:\PROGRA~1\ArcSoft\MAGIC-~1\MAGIC-~1.EXE - (ArcSoft, Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: AdVantage Setup - hkey= - key= - File not found MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - File not found MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) MsConfig - StartUpReg: fssui - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Lola\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: MBBalloon - hkey= - key= - File not found MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - File not found MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - StartUpReg: Symantec PIF AlertEng - hkey= - key= - File not found MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: klmdb.sys - Driver SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: BFE - Service SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: klmdb.sys - Driver SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - Service SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation) Drivers32: vidc.I263 - C:\Windows\System32\i263_32.drv (Intel Corporation) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.27 20:26:06 | 000,000,000 | ---D | C] -- C:\Users\Lola\AppData\Local\fotokasten comfort [2012.01.27 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.01.27 16:19:01 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Lola\Desktop\esetsmartinstaller_enu.exe [2012.01.26 18:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.01.26 15:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.26 15:44:23 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.26 15:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.24 22:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.01.22 22:08:29 | 000,100,864 | ---- | C] (GMER) -- C:\kxldapow.sys [2012.01.04 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\Lola\AppData\Roaming\pdfforge [2012.01.04 17:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.01.04 17:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.01.04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [1 C:\Users\Lola\AppData\Roaming\*.tmp files -> C:\Users\Lola\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.29 19:19:20 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.29 19:19:20 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.29 19:19:20 | 000,128,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.29 19:19:20 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.29 19:13:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.29 19:13:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.29 19:13:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.29 19:13:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.29 19:13:32 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2012.01.28 16:53:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000UA.job [2012.01.28 09:47:28 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.27 19:53:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000Core.job [2012.01.27 16:18:58 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Lola\Desktop\esetsmartinstaller_enu.exe [2012.01.26 16:14:24 | 000,002,631 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Word 2007.lnk [2012.01.26 15:54:35 | 000,002,037 | ---- | M] () -- C:\Users\Lola\Desktop\Google Chrome.lnk [2012.01.24 22:40:23 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.01.22 22:15:44 | 000,002,032 | ---- | M] () -- C:\Users\Lola\AppData\Local\d3d9caps.dat [2012.01.22 22:12:24 | 131,775,807 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.01.22 22:08:29 | 000,100,864 | ---- | M] (GMER) -- C:\kxldapow.sys [2012.01.22 21:25:35 | 000,000,000 | ---- | M] () -- C:\Users\Lola\defogger_reenable [2012.01.22 17:12:42 | 000,000,000 | ---- | M] () -- C:\Users\Lola\AppData\Local\{2DC0DC1F-7795-48EB-951D-D3D8B60F1C81} [2012.01.22 17:06:16 | 000,000,000 | ---- | M] () -- C:\Users\Lola\AppData\Local\{AB681BC9-38AD-40E0-A129-E51516C14CF8} [2012.01.20 09:09:56 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.20 09:04:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.01.20 09:04:16 | 000,155,136 | ---- | M] () -- C:\Users\Lola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.17 20:53:04 | 000,002,735 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Outlook 2007.lnk [2012.01.17 20:37:06 | 000,225,123 | ---- | M] () -- C:\Users\Lola\Documents\Flug Melbourne.xps [2012.01.15 15:15:18 | 000,000,098 | ---- | M] () -- C:\Windows\WirelessFTP.INI [2012.01.04 17:18:22 | 000,001,899 | ---- | M] () -- C:\Users\Lola\Desktop\Netzwerk.lnk [2012.01.04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [1 C:\Users\Lola\AppData\Roaming\*.tmp files -> C:\Users\Lola\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.25 16:54:03 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys [2012.01.24 22:28:29 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.01.24 22:18:10 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.01.22 22:05:50 | 131,775,807 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.01.22 21:25:35 | 000,000,000 | ---- | C] () -- C:\Users\Lola\defogger_reenable [2012.01.22 17:12:42 | 000,000,000 | ---- | C] () -- C:\Users\Lola\AppData\Local\{2DC0DC1F-7795-48EB-951D-D3D8B60F1C81} [2012.01.22 17:06:16 | 000,000,000 | ---- | C] () -- C:\Users\Lola\AppData\Local\{AB681BC9-38AD-40E0-A129-E51516C14CF8} [2012.01.17 20:37:02 | 000,225,123 | ---- | C] () -- C:\Users\Lola\Documents\Flug Melbourne.xps [2012.01.04 17:27:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.01.04 17:15:10 | 000,001,899 | ---- | C] () -- C:\Users\Lola\Desktop\Netzwerk.lnk [2011.12.03 19:47:04 | 000,000,036 | ---- | C] () -- C:\Users\Lola\AppData\Roaming\blckdom.res [2011.05.02 18:14:53 | 000,000,061 | ---- | C] () -- C:\Windows\dcmvwr.INI [2011.03.16 15:10:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.03.16 15:10:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.03.16 15:10:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.03.16 15:10:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.03.16 15:10:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.29 10:13:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.01.26 16:45:18 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.01.26 16:45:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.01.26 16:41:00 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2010.11.03 08:59:57 | 000,171,288 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010.10.02 09:39:18 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2010.10.02 09:39:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.10.02 09:39:17 | 000,000,335 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010.10.02 09:38:18 | 000,032,768 | ---- | C] () -- C:\Windows\System32\osclpthread.dll [2010.06.14 17:30:52 | 000,003,766 | ---- | C] () -- C:\Windows\scad3.INI [2009.12.21 16:43:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.12.21 16:43:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.10.17 15:51:17 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI [2009.10.05 11:02:43 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll [2009.10.05 11:02:43 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.05.12 10:38:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.12.04 00:30:10 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI [2008.12.02 12:57:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008.11.25 18:16:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.11.25 10:36:43 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.11.25 10:36:27 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.11.18 11:00:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.10.16 20:16:44 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2008.10.13 15:48:59 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.10.13 15:48:59 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.10.13 15:48:59 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.10.13 15:48:59 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat [2008.03.09 15:01:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.01.02 21:38:23 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008.01.02 21:33:14 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL [2007.12.31 13:34:35 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2007.12.30 18:38:28 | 004,590,949 | ---- | C] () -- C:\Users\Lola\AppData\Roaming\UserTile.png [2007.12.28 21:31:27 | 000,155,136 | ---- | C] () -- C:\Users\Lola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.28 21:31:25 | 000,002,032 | ---- | C] () -- C:\Users\Lola\AppData\Local\d3d9caps.dat [2007.09.08 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007.08.13 23:00:50 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.13 23:00:50 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.08.13 23:00:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll [2007.08.13 23:00:49 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.08.13 23:00:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.08.13 23:00:48 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.08.13 13:46:45 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat [2007.08.13 04:25:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 16:33:31 | 000,634,352 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,128,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,454,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,601,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,105,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2005.04.28 05:22:34 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2005.04.28 05:22:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000081.DLL [1999.04.29 22:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010.02.20 12:36:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\CoSoSys [2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools [2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools Lite [2011.07.21 16:44:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoft [2011.07.21 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.28 10:38:36 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Facebook [2011.03.21 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Foxit [2011.09.24 09:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\GoPal Assistant [2008.01.02 21:38:54 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ICQ Toolbar [2008.09.05 13:20:40 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\InterVideo [2011.12.03 19:46:57 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\kock [2009.01.29 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Leadertech [2009.10.05 11:02:33 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\LG Electronics [2008.11.25 10:40:07 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\MAGIX [2012.01.04 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\pdfforge [2011.10.15 09:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\SmartDraw [2009.08.05 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Snapfish [2011.12.06 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Synaptics [2007.12.29 13:37:26 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\temp [2011.12.17 10:07:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Thunderbird [2011.12.03 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\UAs [2008.10.10 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Ulead Systems [2011.12.03 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\xmldm [2012.01.29 12:18:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.29 09:55:55 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Adobe [2009.08.21 18:57:25 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Ahead [2010.11.03 08:59:45 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Apple Computer [2008.11.25 10:28:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ArcSoft [2008.11.24 21:34:38 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\AVS4YOU [2011.01.28 08:25:40 | 000,000,000 | R--D | M] -- C:\Users\Lola\AppData\Roaming\Brother [2010.02.20 12:36:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\CoSoSys [2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools [2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools Lite [2010.06.06 19:18:26 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DivX [2011.09.21 19:41:44 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\dvdcss [2011.07.21 16:44:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoft [2011.07.21 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.28 10:38:36 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Facebook [2011.03.21 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Foxit [2007.12.29 13:40:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Google [2011.09.24 09:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\GoPal Assistant [2008.01.02 21:38:54 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ICQ Toolbar [2007.08.13 13:10:34 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Identities [2007.08.13 15:04:23 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\InstallShield [2008.09.05 13:20:40 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\InterVideo [2011.12.03 19:46:57 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\kock [2009.01.29 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Leadertech [2009.10.05 11:02:33 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\LG Electronics [2007.08.14 09:26:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Macromedia [2008.11.25 10:40:07 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\MAGIX [2011.03.13 20:15:57 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Media Center Programs [2011.05.29 09:55:55 | 000,000,000 | --SD | M] -- C:\Users\Lola\AppData\Roaming\Microsoft [2007.12.31 13:29:52 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Microsoft Web Folders [2009.06.19 19:28:46 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Mozilla [2012.01.04 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\pdfforge [2011.10.29 21:27:37 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Skype [2011.10.29 15:00:31 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\skypePM [2011.10.15 09:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\SmartDraw [2009.08.05 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Snapfish [2008.02.03 19:56:52 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Sony Corporation [2008.01.19 14:35:31 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Symantec [2011.12.06 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Synaptics [2007.12.29 13:37:26 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\temp [2011.12.17 10:07:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Thunderbird [2011.12.03 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\UAs [2008.10.10 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Ulead Systems [2011.10.23 17:28:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\vlc [2008.02.03 18:45:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\WinRAR [2011.12.03 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\xmldm < %APPDATA%\*.exe /s > [2010.06.28 10:38:36 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Lola\AppData\Roaming\Facebook\uninstall.exe [2011.09.25 14:44:31 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\0B65B083-694A-4E3E-8F06-6E9DD7493672\AutoRunCE.exe [2011.09.25 14:44:35 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\0B65B083-694A-4E3E-8F06-6E9DD7493672\1\module.exe [2011.09.25 14:43:50 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\1E7717FD-79BC-4600-97C8-98DA58814DF3\AutoRunCE.exe [2011.09.25 14:43:59 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\1E7717FD-79BC-4600-97C8-98DA58814DF3\1\module.exe [2011.09.25 14:44:58 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\2CFAE8CE-5D2C-42C3-9161-12F15A6B7711\AutoRunCE.exe [2011.09.25 14:45:01 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\2CFAE8CE-5D2C-42C3-9161-12F15A6B7711\1\module.exe [2011.09.25 14:44:16 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\2D2D7328-687E-4B19-AC40-A348045A684F\AutoRunCE.exe [2011.09.25 14:44:19 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\2D2D7328-687E-4B19-AC40-A348045A684F\1\module.exe [2011.09.25 14:44:10 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\4E54CB56-FD7E-4455-B0C8-B49566BBBFDD\AutoRunCE.exe [2011.09.25 14:44:15 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\4E54CB56-FD7E-4455-B0C8-B49566BBBFDD\1\module.exe [2011.09.25 14:44:55 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\697F52C2-B029-4B07-95A0-97C5204A1EAA\AutoRunCE.exe [2011.09.25 14:44:57 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\697F52C2-B029-4B07-95A0-97C5204A1EAA\1\module.exe [2011.09.25 14:44:26 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\72E2D4FF-45AD-412E-BFCF-56BC9C389A07\AutoRunCE.exe [2011.09.25 14:44:30 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\72E2D4FF-45AD-412E-BFCF-56BC9C389A07\1\module.exe [2011.09.25 14:44:37 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\89AC976A-E0B3-4B6E-B208-E1C177776D2B\AutoRunCE.exe [2011.09.25 14:44:40 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\89AC976A-E0B3-4B6E-B208-E1C177776D2B\1\module.exe [2011.09.25 14:44:49 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\8DFA0A1F-3D03-435A-9081-1A8B9E7C59D8\AutoRunCE.exe [2011.09.25 14:44:52 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\8DFA0A1F-3D03-435A-9081-1A8B9E7C59D8\1\module.exe [2011.09.25 14:47:53 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\9ED4F986-2082-496F-8C7B-994612E8AF52\AutoRunCE.exe [2011.09.25 14:48:07 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\9ED4F986-2082-496F-8C7B-994612E8AF52\1\module.exe [2011.09.25 14:44:21 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\A5A79E90-FA5C-4145-85F8-1289612CB21D\AutoRunCE.exe [2011.09.25 14:44:24 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\A5A79E90-FA5C-4145-85F8-1289612CB21D\1\module.exe [2011.09.25 14:45:01 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\B6E6FB59-5F02-4AB3-8FE7-41596354010B\AutoRunCE.exe [2011.09.25 14:45:04 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\B6E6FB59-5F02-4AB3-8FE7-41596354010B\1\module.exe [2011.09.25 14:44:53 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\B9A18AA9-6BAE-44C0-9BD5-E86B8422AF02\AutoRunCE.exe [2011.09.25 14:44:54 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\B9A18AA9-6BAE-44C0-9BD5-E86B8422AF02\1\module.exe [2011.09.25 14:45:04 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\BD98DB02-93F7-439C-AB1F-A1EA7424AEED\AutoRunCE.exe [2011.09.25 14:45:07 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\BD98DB02-93F7-439C-AB1F-A1EA7424AEED\1\module.exe [2011.09.25 14:44:41 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E0CB5E85-A116-4D73-B1DB-71658CB6A3E0\AutoRunCE.exe [2011.09.25 14:44:44 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E0CB5E85-A116-4D73-B1DB-71658CB6A3E0\1\module.exe [2011.09.25 14:45:07 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E1B8ABA8-CFD4-4331-821F-4621FDB92245\AutoRunCE.exe [2011.09.25 14:45:11 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E1B8ABA8-CFD4-4331-821F-4621FDB92245\1\module.exe [2011.09.25 14:44:00 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E53E67CC-71F0-44FB-A42D-EA7F6B4BDAE3\AutoRunCE.exe [2011.09.25 14:44:03 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E53E67CC-71F0-44FB-A42D-EA7F6B4BDAE3\1\module.exe [2011.09.25 14:44:45 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\F88A580C-D2ED-416B-9ABE-E2EB81B03594\AutoRunCE.exe [2011.09.25 14:44:48 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\F88A580C-D2ED-416B-9ABE-E2EB81B03594\1\module.exe [2008.12.02 07:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Templates\I\UninstallMSI.exe [2008.12.01 12:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Templates\I\UninstallMSI32.exe [2008.12.01 12:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Templates\I\UninstallMSI64.exe [2009.03.20 06:09:32 | 001,360,008 | R--- | M] () -- C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Templates\I\USBAutoRun.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.14 10:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.14 10:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.14 10:53:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.08.13 14:11:30 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.08.13 14:11:31 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB10488$] -> Error: Cannot create file handle -> Unknown point type < End of report > |
|
29.01.2012, 19:47
| #13 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | mbam Trojaner gefundenZitat:
 Ich würde dir erstmal für den Fall der Fälle eine Datensicherung empfehlen und dich darauf vorzubereiten, eine komplette Neuinstallation von Windows durchzuführen, den ZA kann man nämlich nicht immer per Bereinigung entfernen! Zum Thema Datensicherung von infizierten Systemen; mach das über ne Live-CD wie Knoppix, Ubuntu (zweiter Link in meiner Signatur) oder über PartedMagic. Grund: Bei einem Live-System sind keine Schädlinge des infizierten Windows-Systems aktiv, damit ist dann auch eine negative Beeinflussung des Backups durch Schädlinge ausgeschlossen. Du brauchst natürlich auch ein Sicherungsmedium, am besten dürfte eine externe Platte sein. Sofern du nicht allzuviel sichern musst, kann auch ein USB-Stick ausreichen. Hier eine kurze Anleitung zu PartedMagic, funktioniert prinzipell so aber fast genauso mit allen anderen Live-Systemen auch. 1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein 2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows 3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist  4. Du müsstest ein Symbol "Mount Devices" finden, das doppelklicken 5. Mounte die Partitionen wo Windows installiert ist, meistens isses /dev/sda1 und natürlich noch etwaige andere Partitionen, wo noch Daten liegen und die gesichert werden müssen - natürlich auch die der externen Platte (du bekommmst nur Lese- und Schreibzugriffe auf die Dateisysteme, wenn diese gemountet sind) 6. Kopiere die Daten der internen Platte auf die externe Platte - kopiere nur persönliche Dateien, Musik, Videos, etc. auf die Backupplatte, KEINE ausführbaren Dateien wie Programme/Spiele/Setups!! 7. Wenn fertig, starte den Rechner neu, schalte die ext. Platte ab und boote von der Windows-DVD zur Neuinstallation (Anleitung beachten) Wenn du dir sicher bist, dass du auch alle Daten unter Linux gesichert hast, führst du mal Combofix aus: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.01.2012, 20:14
| #14 |
| | mbam Trojaner gefunden ich werde die datensicherung anfang kommender woche durchführen, da ich mir erstmal eine externe festplatte organisieren muss, aber hab da schon eine idee. hab grad auch mal im netz gesucht was zero access so macht. hab dazu zwar nix gefunden (vllt kannst du es mir verraten?), aber hab da was von bitdefender gelesen, das diesen rootkit löschen soll. vllt bringt das ja was??? ach ja und noch was anderes..., muss ich angst haben, dass etwaige usb sticks, die an meinem laptop waren auch infiziert sind bzw. anderen laptops mit denen ich in verbinung stand??? |
|
30.01.2012, 09:07
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | mbam Trojaner gefundenZitat:
Zudem sollte man immer eine Sicherung seiner Daten haben falls was schiefgeht und das System völlig zerstört wurde.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu mbam Trojaner gefunden |
| 0x00000001, adobe, avira, bho, bonjour, canon, converter, defender, downloader, emsisoft, emsisoft anti-malware, error, explorer, firefox, format, google earth, helper, home, langs, microsoft office word, mozilla thunderbird, mp3, plug-in, realtek, registry, required, rojaner gefunden, rundll, safer networking, senden, software, studio, symantec, temp, trojaner, trojaner gefunden, version=1.0, virus, vista, winlogon.exe |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
