| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Aus Sicherheitsgründen wird ihr Windowssystem blockiert.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.01.2012, 21:30
| #16 |
 |  Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Hallo Arne, (gibt es ein Tool um das *** Einfügen zu automatisieren...? puh!) Ohne spezielle Anweisung habe ich die Einstellungen übernommen, die OTL beim öffnen bot. Hierzu der neue LOG OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.01.2012 21:07:53 - Run 7 OTL by OldTimer - Version 3.2.31.0 Folder = E:\28_1 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 7,04 Gb Available Physical Memory | 88,21% Memory free 15,96 Gb Paging File | 14,16 Gb Available in Paging File | 88,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,95 Gb Total Space | 82,34 Gb Free Space | 55,28% Space Free | Partition Type: NTFS Drive D: | 488,28 Gb Total Space | 488,14 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Drive E: | 488,28 Gb Total Space | 422,35 Gb Free Space | 86,50% Space Free | Partition Type: NTFS Drive F: | 886,45 Gb Total Space | 886,30 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.13 15:03:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\28_1\OTL.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.10.25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE ========== Modules (No Company Name) ========== MOD - [2011.06.01 20:14:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.10.25 15:15:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.10.27 15:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.03.21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.10.27 14:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2010.10.27 14:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.10.27 14:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2010.10.27 14:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2010.10.27 14:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2010.10.27 14:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2010.10.27 14:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2010.10.27 14:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.08.27 18:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 5B A3 33 CA BD CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.11.16 11:22:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.11.16 11:31:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.08 22:20:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.06.08 22:20:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.02 08:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.06.02 08:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.06.01 20:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.06.01 20:14:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.06.01 11:53:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.11.16 11:22:55 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5.1\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9} File not found (No name found) -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT [2011.04.14 17:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [GMX SMS-Manager] C:\Program Files (x86)\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG) O4:64bit: - HKLM..\RunOnce: [LinkInstaller] C:\Program Files\Common Files\LinkInstaller.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB40BCDE-123F-4351-976C-885FD6464BEB}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: VIDC.ACDV - ACDV.dll File not found Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.31 15:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.01.31 15:33:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.01.31 12:35:44 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.01.31 12:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.31 12:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.01.28 16:34:54 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2012.01.28 15:40:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.01.28 15:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes ========== Files - Modified Within 30 Days ========== [2012.01.31 21:03:39 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.01.31 21:03:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.31 15:42:01 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.31 15:42:01 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.31 15:39:05 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.31 15:39:05 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.31 15:39:05 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.31 15:39:05 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.31 15:39:05 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.31 15:34:56 | 2131,841,023 | -HS- | M] () -- C:\hiberfil.sys [2012.01.31 15:34:18 | 000,163,533 | ---- | M] () -- C:\ProgramData\bdinstall.bin [2012.01.31 12:35:44 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.28 14:47:03 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable ========== Files Created - No Company Name ========== [2012.01.31 12:35:44 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.28 14:47:03 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.11.22 12:53:15 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.11.09 16:24:54 | 000,007,602 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.07.15 17:44:44 | 000,013,312 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.02 09:45:59 | 000,000,178 | ---- | C] () -- C:\Windows\KPCMS.INI [2011.06.02 09:45:51 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat [2011.06.02 09:45:47 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL [2011.06.01 12:10:19 | 000,163,533 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.06.01 11:55:59 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.06.01 11:55:59 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.06.01 11:55:59 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.06.01 11:55:59 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.06.01 11:55:59 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.06.01 11:26:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.01 10:38:36 | 000,038,649 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.06.01 10:34:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.06.01 10:34:20 | 000,025,549 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.07.08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011.07.02 19:45:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ACD Systems [2011.06.01 14:45:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitDefender [2011.06.01 12:01:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2011.09.29 08:20:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2011.11.16 15:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.11.16 11:48:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.dmp.contentviewer [2011.12.02 20:10:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.06.30 14:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011.07.06 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2011.07.05 16:12:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Moi [2011.06.01 20:14:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.07.07 15:51:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PandoraRecovery [2011.06.01 14:44:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011.07.02 19:22:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RawShellExtender [2011.06.06 11:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SimLab [2011.06.02 08:11:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.11.10 11:57:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.07.02 19:45:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ACD Systems [2011.11.22 16:53:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2011.06.02 10:11:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer [2011.06.01 11:26:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI [2011.06.01 14:45:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitDefender [2011.06.01 12:01:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2011.09.29 08:20:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2011.11.16 15:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.11.16 11:48:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.dmp.contentviewer [2011.12.02 20:10:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.06.01 10:33:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2011.06.01 10:39:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2011.06.30 14:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011.06.01 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.01.28 15:40:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.07.06 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2010.11.21 08:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.12.18 22:30:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic [2012.01.28 17:04:10 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2011.07.05 16:12:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Moi [2011.06.01 21:38:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011.06.01 20:14:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.07.07 15:51:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PandoraRecovery [2011.06.01 14:44:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011.07.02 19:22:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RawShellExtender [2011.06.06 11:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SimLab [2011.06.02 08:11:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.11.16 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2011.11.16 11:10:40 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.11.16 11:13:10 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe [2011.06.27 12:34:11 | 000,006,144 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3D6B5B20-7783-4984-948F-5EC6D94711D4}\Icon3D6B5B202.exe [2011.06.27 12:34:11 | 000,009,728 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3D6B5B20-7783-4984-948F-5EC6D94711D4}\Icon3D6B5B203.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Files - Unicode (All) ========== [2012.01.31 15:32:42 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污 [2012.01.31 15:32:42 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污 < End of report > Geändert von Lebowski (31.01.2012 um 21:55 Uhr) Grund: Rechtschreibung |
|
31.01.2012, 22:16
| #17 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Aus Sicherheitsgründen wird ihr Windowssystem blockiert.Zitat:
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 5B A3 33 CA BD CC 01 [binary data]
O4 - HKLM..\Run: [] File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
01.02.2012, 08:32
| #18 |
| | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Guten Morgen Arne,
__________________Der fix scan dauerte keine 4 Sekunden. Das Logfile wurde nicht geöffnet, der Rechner sollte sofort neu gestartet werden. Hier der Bericht (02012012_081955. txt)aus dem Ordner "_OTL" -"Moved Files" Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 386583 bytes
->Temporary Internet Files folder emptied: 1036033 bytes
->Java cache emptied: 40405980 bytes
->FireFox cache emptied: 45059695 bytes
->Flash cache emptied: 57234 bytes
User: ***
->Temp folder emptied: 4646147 bytes
->Temporary Internet Files folder emptied: 5916922 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44422049 bytes
->Flash cache emptied: 56977 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12696 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50550 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 136,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 02012012_081955
|
|
01.02.2012, 11:28
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.02.2012, 11:49
| #20 |
| | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Hallo Arne, ich bin immer im eingeschränktem Konto am Ausführen (welches ich mit Admin-Passwort starte), also bisher nie im abgesichertem Modus. unhide nicht benötigt. TDSS_Report Code:
ATTFilter 11:38:30.0959 4864 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
11:38:31.0128 4864 ============================================================
11:38:31.0128 4864 Current date / time: 2012/02/01 11:38:31.0128
11:38:31.0128 4864 SystemInfo:
11:38:31.0128 4864
11:38:31.0128 4864 OS Version: 6.1.7601 ServicePack: 1.0
11:38:31.0128 4864 Product type: Workstation
11:38:31.0128 4864 ComputerName: ***
11:38:31.0128 4864 UserName: ***
11:38:31.0128 4864 Windows directory: C:\Windows
11:38:31.0128 4864 System windows directory: C:\Windows
11:38:31.0128 4864 Running under WOW64
11:38:31.0128 4864 Processor architecture: Intel x64
11:38:31.0128 4864 Number of processors: 8
11:38:31.0128 4864 Page size: 0x1000
11:38:31.0128 4864 Boot type: Normal boot
11:38:31.0128 4864 ============================================================
11:38:31.0277 4864 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C0E00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B600, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:38:31.0278 4864 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:38:31.0286 4864 \Device\Harddisk0\DR0:
11:38:31.0286 4864 MBR used
11:38:31.0286 4864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3D090000
11:38:31.0286 4864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3D090800, BlocksNum 0x3D090000
11:38:31.0286 4864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7A120800, BlocksNum 0x6ECE5800
11:38:31.0286 4864 \Device\Harddisk1\DR1:
11:38:31.0286 4864 MBR used
11:38:31.0286 4864 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:38:31.0286 4864 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
11:38:31.0382 4864 Initialize success
11:38:31.0382 4864 ============================================================
11:39:18.0588 5028 ============================================================
11:39:18.0588 5028 Scan started
11:39:18.0588 5028 Mode: Manual;
11:39:18.0588 5028 ============================================================
11:39:18.0663 5028 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
11:39:18.0665 5028 1394ohci - ok
11:39:18.0685 5028 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:39:18.0688 5028 ACPI - ok
11:39:18.0702 5028 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:39:18.0703 5028 AcpiPmi - ok
11:39:18.0725 5028 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:39:18.0731 5028 adp94xx - ok
11:39:18.0748 5028 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:39:18.0752 5028 adpahci - ok
11:39:18.0768 5028 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:39:18.0770 5028 adpu320 - ok
11:39:18.0791 5028 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:39:18.0796 5028 AFD - ok
11:39:18.0810 5028 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:39:18.0811 5028 agp440 - ok
11:39:18.0825 5028 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:39:18.0826 5028 aliide - ok
11:39:18.0840 5028 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:39:18.0840 5028 amdide - ok
11:39:18.0854 5028 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:39:18.0855 5028 AmdK8 - ok
11:39:18.0972 5028 amdkmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
11:39:19.0040 5028 amdkmdag - ok
11:39:19.0059 5028 amdkmdap (20b63276a1920b41e1c56720b395049b) C:\Windows\system32\DRIVERS\atikmpag.sys
11:39:19.0060 5028 amdkmdap - ok
11:39:19.0075 5028 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
11:39:19.0076 5028 AmdPPM - ok
11:39:19.0091 5028 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:39:19.0093 5028 amdsata - ok
11:39:19.0108 5028 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:39:19.0111 5028 amdsbs - ok
11:39:19.0127 5028 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:39:19.0127 5028 amdxata - ok
11:39:19.0144 5028 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:39:19.0145 5028 AppID - ok
11:39:19.0166 5028 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:39:19.0168 5028 arc - ok
11:39:19.0182 5028 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:39:19.0184 5028 arcsas - ok
11:39:19.0198 5028 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:39:19.0199 5028 AsyncMac - ok
11:39:19.0213 5028 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:39:19.0213 5028 atapi - ok
11:39:19.0227 5028 AthBTPort (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
11:39:19.0227 5028 AthBTPort - ok
11:39:19.0241 5028 ATHDFU (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
11:39:19.0241 5028 ATHDFU - ok
11:39:19.0259 5028 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
11:39:19.0260 5028 AtiHDAudioService - ok
11:39:19.0283 5028 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:39:19.0289 5028 b06bdrv - ok
11:39:19.0306 5028 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:39:19.0309 5028 b57nd60a - ok
11:39:19.0324 5028 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:39:19.0324 5028 Beep - ok
11:39:19.0340 5028 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:39:19.0341 5028 blbdrive - ok
11:39:19.0355 5028 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:39:19.0356 5028 bowser - ok
11:39:19.0370 5028 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:39:19.0371 5028 BrFiltLo - ok
11:39:19.0384 5028 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:39:19.0384 5028 BrFiltUp - ok
11:39:19.0401 5028 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:39:19.0404 5028 Brserid - ok
11:39:19.0418 5028 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:39:19.0418 5028 BrSerWdm - ok
11:39:19.0432 5028 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:39:19.0433 5028 BrUsbMdm - ok
11:39:19.0445 5028 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:39:19.0446 5028 BrUsbSer - ok
11:39:19.0461 5028 BTATH_A2DP (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
11:39:19.0463 5028 BTATH_A2DP - ok
11:39:19.0476 5028 BTATH_BUS (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
11:39:19.0476 5028 BTATH_BUS - ok
11:39:19.0492 5028 BTATH_HCRP (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
11:39:19.0494 5028 BTATH_HCRP - ok
11:39:19.0506 5028 BTATH_LWFLT (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
11:39:19.0507 5028 BTATH_LWFLT - ok
11:39:19.0521 5028 BTATH_RCP (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
11:39:19.0522 5028 BTATH_RCP - ok
11:39:19.0540 5028 BtFilter (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
11:39:19.0541 5028 BtFilter - ok
11:39:19.0556 5028 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
11:39:19.0556 5028 BthEnum - ok
11:39:19.0570 5028 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:39:19.0571 5028 BTHMODEM - ok
11:39:19.0585 5028 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:39:19.0586 5028 BthPan - ok
11:39:19.0605 5028 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
11:39:19.0610 5028 BTHPORT - ok
11:39:19.0625 5028 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
11:39:19.0626 5028 BTHUSB - ok
11:39:19.0640 5028 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:39:19.0641 5028 cdfs - ok
11:39:19.0657 5028 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:39:19.0659 5028 cdrom - ok
11:39:19.0673 5028 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:39:19.0674 5028 circlass - ok
11:39:19.0689 5028 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:39:19.0692 5028 CLFS - ok
11:39:19.0710 5028 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:39:19.0710 5028 CmBatt - ok
11:39:19.0723 5028 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:39:19.0724 5028 cmdide - ok
11:39:19.0741 5028 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:39:19.0747 5028 CNG - ok
11:39:19.0760 5028 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:39:19.0761 5028 Compbatt - ok
11:39:19.0774 5028 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:39:19.0775 5028 CompositeBus - ok
11:39:19.0790 5028 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:39:19.0791 5028 crcdisk - ok
11:39:19.0814 5028 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:39:19.0821 5028 CSC - ok
11:39:19.0842 5028 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:39:19.0843 5028 DfsC - ok
11:39:19.0858 5028 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:39:19.0859 5028 discache - ok
11:39:19.0873 5028 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:39:19.0874 5028 Disk - ok
11:39:19.0888 5028 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
11:39:19.0890 5028 dmvsc - ok
11:39:19.0907 5028 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:39:19.0907 5028 drmkaud - ok
11:39:19.0931 5028 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:39:19.0936 5028 DXGKrnl - ok
11:39:19.0998 5028 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:39:20.0042 5028 ebdrv - ok
11:39:20.0065 5028 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:39:20.0070 5028 elxstor - ok
11:39:20.0084 5028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:39:20.0084 5028 ErrDev - ok
11:39:20.0103 5028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:39:20.0105 5028 exfat - ok
11:39:20.0121 5028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:39:20.0123 5028 fastfat - ok
11:39:20.0138 5028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:39:20.0139 5028 fdc - ok
11:39:20.0156 5028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:39:20.0156 5028 FileInfo - ok
11:39:20.0169 5028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:39:20.0170 5028 Filetrace - ok
11:39:20.0182 5028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:39:20.0183 5028 flpydisk - ok
11:39:20.0199 5028 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:39:20.0203 5028 FltMgr - ok
11:39:20.0219 5028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:39:20.0221 5028 FsDepends - ok
11:39:20.0234 5028 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:39:20.0234 5028 Fs_Rec - ok
11:39:20.0250 5028 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:39:20.0252 5028 fvevol - ok
11:39:20.0266 5028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:39:20.0268 5028 gagp30kx - ok
11:39:20.0287 5028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:39:20.0288 5028 hcw85cir - ok
11:39:20.0305 5028 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:39:20.0308 5028 HdAudAddService - ok
11:39:20.0324 5028 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:39:20.0325 5028 HDAudBus - ok
11:39:20.0338 5028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:39:20.0339 5028 HidBatt - ok
11:39:20.0351 5028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:39:20.0353 5028 HidBth - ok
11:39:20.0367 5028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:39:20.0369 5028 HidIr - ok
11:39:20.0384 5028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:39:20.0385 5028 HidUsb - ok
11:39:20.0402 5028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:39:20.0403 5028 HpSAMD - ok
11:39:20.0425 5028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:39:20.0432 5028 HTTP - ok
11:39:20.0446 5028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:39:20.0446 5028 hwpolicy - ok
11:39:20.0461 5028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:39:20.0463 5028 i8042prt - ok
11:39:20.0481 5028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:39:20.0483 5028 iaStorV - ok
11:39:20.0500 5028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:39:20.0501 5028 iirsp - ok
11:39:20.0548 5028 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
11:39:20.0559 5028 IntcAzAudAddService - ok
11:39:20.0574 5028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:39:20.0575 5028 intelide - ok
11:39:20.0590 5028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:39:20.0591 5028 intelppm - ok
11:39:20.0606 5028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:39:20.0608 5028 IpFilterDriver - ok
11:39:20.0623 5028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:39:20.0624 5028 IPMIDRV - ok
11:39:20.0639 5028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:39:20.0641 5028 IPNAT - ok
11:39:20.0653 5028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:39:20.0654 5028 IRENUM - ok
11:39:20.0667 5028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:39:20.0668 5028 isapnp - ok
11:39:20.0684 5028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:39:20.0688 5028 iScsiPrt - ok
11:39:20.0701 5028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:39:20.0702 5028 kbdclass - ok
11:39:20.0715 5028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:39:20.0716 5028 kbdhid - ok
11:39:20.0731 5028 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:39:20.0732 5028 KSecDD - ok
11:39:20.0747 5028 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:39:20.0749 5028 KSecPkg - ok
11:39:20.0762 5028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:39:20.0762 5028 ksthunk - ok
11:39:20.0786 5028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:39:20.0787 5028 lltdio - ok
11:39:20.0807 5028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:39:20.0808 5028 LSI_FC - ok
11:39:20.0824 5028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:39:20.0826 5028 LSI_SAS - ok
11:39:20.0839 5028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:39:20.0840 5028 LSI_SAS2 - ok
11:39:20.0854 5028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:39:20.0856 5028 LSI_SCSI - ok
11:39:20.0871 5028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:39:20.0873 5028 luafv - ok
11:39:20.0887 5028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:39:20.0888 5028 megasas - ok
11:39:20.0905 5028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:39:20.0910 5028 MegaSR - ok
11:39:20.0924 5028 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
11:39:20.0924 5028 MEIx64 - ok
11:39:20.0938 5028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:39:20.0939 5028 Modem - ok
11:39:20.0952 5028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:39:20.0953 5028 monitor - ok
11:39:20.0966 5028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:39:20.0967 5028 mouclass - ok
11:39:20.0980 5028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:39:20.0981 5028 mouhid - ok
11:39:20.0995 5028 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:39:20.0996 5028 mountmgr - ok
11:39:21.0011 5028 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:39:21.0013 5028 mpio - ok
11:39:21.0027 5028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:39:21.0029 5028 mpsdrv - ok
11:39:21.0045 5028 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:39:21.0048 5028 MRxDAV - ok
11:39:21.0063 5028 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:39:21.0065 5028 mrxsmb - ok
11:39:21.0083 5028 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:39:21.0087 5028 mrxsmb10 - ok
11:39:21.0101 5028 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:39:21.0103 5028 mrxsmb20 - ok
11:39:21.0116 5028 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:39:21.0117 5028 msahci - ok
11:39:21.0132 5028 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:39:21.0134 5028 msdsm - ok
11:39:21.0152 5028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:39:21.0153 5028 Msfs - ok
11:39:21.0166 5028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:39:21.0166 5028 mshidkmdf - ok
11:39:21.0179 5028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:39:21.0180 5028 msisadrv - ok
11:39:21.0196 5028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:39:21.0196 5028 MSKSSRV - ok
11:39:21.0209 5028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:39:21.0209 5028 MSPCLOCK - ok
11:39:21.0222 5028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:39:21.0222 5028 MSPQM - ok
11:39:21.0239 5028 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:39:21.0243 5028 MsRPC - ok
11:39:21.0258 5028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:39:21.0258 5028 mssmbios - ok
11:39:21.0271 5028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:39:21.0272 5028 MSTEE - ok
11:39:21.0285 5028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:39:21.0286 5028 MTConfig - ok
11:39:21.0299 5028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:39:21.0300 5028 Mup - ok
11:39:21.0316 5028 mv91xx (34d08c9c64f657d194961e96c47e9c69) C:\Windows\system32\DRIVERS\mv91xx.sys
11:39:21.0319 5028 mv91xx - ok
11:39:21.0338 5028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:39:21.0343 5028 NativeWifiP - ok
11:39:21.0370 5028 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:39:21.0381 5028 NDIS - ok
11:39:21.0396 5028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:39:21.0396 5028 NdisCap - ok
11:39:21.0410 5028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:39:21.0411 5028 NdisTapi - ok
11:39:21.0424 5028 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:39:21.0425 5028 Ndisuio - ok
11:39:21.0440 5028 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:39:21.0442 5028 NdisWan - ok
11:39:21.0456 5028 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:39:21.0457 5028 NDProxy - ok
11:39:21.0471 5028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:39:21.0472 5028 NetBIOS - ok
11:39:21.0488 5028 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:39:21.0490 5028 NetBT - ok
11:39:21.0509 5028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:39:21.0510 5028 nfrd960 - ok
11:39:21.0526 5028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:39:21.0527 5028 Npfs - ok
11:39:21.0541 5028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:39:21.0542 5028 nsiproxy - ok
11:39:21.0572 5028 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:39:21.0586 5028 Ntfs - ok
11:39:21.0600 5028 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
11:39:21.0600 5028 NuidFltr - ok
11:39:21.0615 5028 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:39:21.0615 5028 Null - ok
11:39:21.0630 5028 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
11:39:21.0631 5028 nusb3hub - ok
11:39:21.0646 5028 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:39:21.0649 5028 nusb3xhc - ok
11:39:21.0663 5028 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:39:21.0666 5028 nvraid - ok
11:39:21.0680 5028 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:39:21.0683 5028 nvstor - ok
11:39:21.0697 5028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:39:21.0699 5028 nv_agp - ok
11:39:21.0713 5028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:39:21.0714 5028 ohci1394 - ok
11:39:21.0731 5028 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:39:21.0733 5028 Parport - ok
11:39:21.0747 5028 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:39:21.0748 5028 partmgr - ok
11:39:21.0765 5028 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:39:21.0767 5028 pci - ok
11:39:21.0780 5028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:39:21.0781 5028 pciide - ok
11:39:21.0796 5028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:39:21.0800 5028 pcmcia - ok
11:39:21.0813 5028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:39:21.0813 5028 pcw - ok
11:39:21.0834 5028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:39:21.0841 5028 PEAUTH - ok
11:39:21.0870 5028 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:39:21.0872 5028 PptpMiniport - ok
11:39:21.0886 5028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:39:21.0887 5028 Processor - ok
11:39:21.0905 5028 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:39:21.0906 5028 Psched - ok
11:39:21.0921 5028 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:39:21.0922 5028 PxHlpa64 - ok
11:39:21.0956 5028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:39:21.0974 5028 ql2300 - ok
11:39:21.0991 5028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:39:21.0994 5028 ql40xx - ok
11:39:22.0010 5028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:39:22.0011 5028 QWAVEdrv - ok
11:39:22.0026 5028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:39:22.0027 5028 RasAcd - ok
11:39:22.0042 5028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:39:22.0044 5028 RasAgileVpn - ok
11:39:22.0061 5028 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:39:22.0063 5028 Rasl2tp - ok
11:39:22.0081 5028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:39:22.0083 5028 RasPppoe - ok
11:39:22.0099 5028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:39:22.0100 5028 RasSstp - ok
11:39:22.0119 5028 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:39:22.0123 5028 rdbss - ok
11:39:22.0138 5028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:39:22.0139 5028 rdpbus - ok
11:39:22.0154 5028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:39:22.0155 5028 RDPCDD - ok
11:39:22.0175 5028 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:39:22.0178 5028 RDPDR - ok
11:39:22.0191 5028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:39:22.0192 5028 RDPENCDD - ok
11:39:22.0209 5028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:39:22.0209 5028 RDPREFMP - ok
11:39:22.0225 5028 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:39:22.0228 5028 RDPWD - ok
11:39:22.0244 5028 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:39:22.0247 5028 rdyboost - ok
11:39:22.0266 5028 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:39:22.0268 5028 RFCOMM - ok
11:39:22.0287 5028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:39:22.0289 5028 rspndr - ok
11:39:22.0307 5028 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:39:22.0311 5028 RTL8167 - ok
11:39:22.0324 5028 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:39:22.0324 5028 s3cap - ok
11:39:22.0341 5028 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:39:22.0343 5028 sbp2port - ok
11:39:22.0357 5028 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:39:22.0358 5028 scfilter - ok
11:39:22.0377 5028 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:39:22.0378 5028 secdrv - ok
11:39:22.0397 5028 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:39:22.0398 5028 Serenum - ok
11:39:22.0412 5028 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:39:22.0414 5028 Serial - ok
11:39:22.0427 5028 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:39:22.0428 5028 sermouse - ok
11:39:22.0448 5028 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:39:22.0449 5028 sffdisk - ok
11:39:22.0462 5028 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:39:22.0463 5028 sffp_mmc - ok
11:39:22.0476 5028 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:39:22.0477 5028 sffp_sd - ok
11:39:22.0490 5028 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:39:22.0491 5028 sfloppy - ok
11:39:22.0508 5028 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:39:22.0509 5028 SiSRaid2 - ok
11:39:22.0523 5028 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:39:22.0525 5028 SiSRaid4 - ok
11:39:22.0539 5028 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:39:22.0540 5028 Smb - ok
11:39:22.0558 5028 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:39:22.0558 5028 spldr - ok
11:39:22.0584 5028 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:39:22.0590 5028 srv - ok
11:39:22.0609 5028 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:39:22.0615 5028 srv2 - ok
11:39:22.0630 5028 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:39:22.0633 5028 srvnet - ok
11:39:22.0650 5028 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:39:22.0651 5028 stexstor - ok
11:39:22.0666 5028 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
11:39:22.0667 5028 storflt - ok
11:39:22.0682 5028 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
11:39:22.0683 5028 storvsc - ok
11:39:22.0696 5028 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:39:22.0697 5028 swenum - ok
11:39:22.0741 5028 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:39:22.0757 5028 Tcpip - ok
11:39:22.0791 5028 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:39:22.0799 5028 TCPIP6 - ok
11:39:22.0814 5028 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:39:22.0815 5028 tcpipreg - ok
11:39:22.0829 5028 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:39:22.0830 5028 TDPIPE - ok
11:39:22.0844 5028 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:39:22.0844 5028 TDTCP - ok
11:39:22.0859 5028 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:39:22.0861 5028 tdx - ok
11:39:22.0874 5028 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
11:39:22.0875 5028 TermDD - ok
11:39:22.0899 5028 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:39:22.0900 5028 tssecsrv - ok
11:39:22.0913 5028 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:39:22.0914 5028 TsUsbFlt - ok
11:39:22.0928 5028 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:39:22.0929 5028 TsUsbGD - ok
11:39:22.0943 5028 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:39:22.0945 5028 tunnel - ok
11:39:22.0958 5028 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:39:22.0959 5028 uagp35 - ok
11:39:22.0977 5028 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:39:22.0982 5028 udfs - ok
11:39:23.0001 5028 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:39:23.0002 5028 uliagpkx - ok
11:39:23.0016 5028 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:39:23.0017 5028 umbus - ok
11:39:23.0030 5028 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:39:23.0031 5028 UmPass - ok
11:39:23.0049 5028 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:39:23.0051 5028 usbccgp - ok
11:39:23.0066 5028 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:39:23.0068 5028 usbcir - ok
11:39:23.0082 5028 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:39:23.0083 5028 usbehci - ok
11:39:23.0100 5028 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:39:23.0105 5028 usbhub - ok
11:39:23.0118 5028 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:39:23.0119 5028 usbohci - ok
11:39:23.0132 5028 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:39:23.0133 5028 usbprint - ok
11:39:23.0147 5028 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:39:23.0148 5028 usbscan - ok
11:39:23.0162 5028 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:39:23.0163 5028 USBSTOR - ok
11:39:23.0178 5028 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:39:23.0179 5028 usbuhci - ok
11:39:23.0196 5028 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:39:23.0197 5028 vdrvroot - ok
11:39:23.0212 5028 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:39:23.0213 5028 vga - ok
11:39:23.0226 5028 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:39:23.0227 5028 VgaSave - ok
11:39:23.0242 5028 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:39:23.0246 5028 vhdmp - ok
11:39:23.0259 5028 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:39:23.0260 5028 viaide - ok
11:39:23.0276 5028 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:39:23.0279 5028 vmbus - ok
11:39:23.0291 5028 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:39:23.0292 5028 VMBusHID - ok
11:39:23.0305 5028 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:39:23.0306 5028 volmgr - ok
11:39:23.0324 5028 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:39:23.0329 5028 volmgrx - ok
11:39:23.0346 5028 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:39:23.0350 5028 volsnap - ok
11:39:23.0365 5028 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:39:23.0368 5028 vsmraid - ok
11:39:23.0383 5028 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:39:23.0384 5028 vwifibus - ok
11:39:23.0401 5028 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:39:23.0402 5028 WacomPen - ok
11:39:23.0416 5028 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:39:23.0418 5028 WANARP - ok
11:39:23.0421 5028 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:39:23.0422 5028 Wanarpv6 - ok
11:39:23.0443 5028 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:39:23.0444 5028 Wd - ok
11:39:23.0466 5028 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:39:23.0474 5028 Wdf01000 - ok
11:39:23.0498 5028 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:39:23.0499 5028 WfpLwf - ok
11:39:23.0513 5028 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:39:23.0514 5028 WIMMount - ok
11:39:23.0539 5028 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:39:23.0540 5028 WmiAcpi - ok
11:39:23.0559 5028 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:39:23.0559 5028 ws2ifsl - ok
11:39:23.0578 5028 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:39:23.0580 5028 WudfPf - ok
11:39:23.0596 5028 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:39:23.0598 5028 WUDFRd - ok
11:39:23.0605 5028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:39:23.0608 5028 \Device\Harddisk0\DR0 - ok
11:39:23.0610 5028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
11:39:23.0612 5028 \Device\Harddisk1\DR1 - ok
11:39:23.0613 5028 Boot (0x1200) (b3d03ef30d4f4a0b4a7fd7f9de00659c) \Device\Harddisk0\DR0\Partition0
11:39:23.0614 5028 \Device\Harddisk0\DR0\Partition0 - ok
11:39:23.0615 5028 Boot (0x1200) (aeacf38ca7d9e5c59753f3b7a3f617b4) \Device\Harddisk0\DR0\Partition1
11:39:23.0616 5028 \Device\Harddisk0\DR0\Partition1 - ok
11:39:23.0617 5028 Boot (0x1200) (24e28e30428064b5b9e06cd82d21dd9f) \Device\Harddisk0\DR0\Partition2
11:39:23.0618 5028 \Device\Harddisk0\DR0\Partition2 - ok
11:39:23.0619 5028 Boot (0x1200) (278c777b885c76ef0cfd34dc02a191bf) \Device\Harddisk1\DR1\Partition0
11:39:23.0620 5028 \Device\Harddisk1\DR1\Partition0 - ok
11:39:23.0621 5028 Boot (0x1200) (b9f503d7e2646314adff8dc00f9119c9) \Device\Harddisk1\DR1\Partition1
11:39:23.0622 5028 \Device\Harddisk1\DR1\Partition1 - ok
11:39:23.0622 5028 ============================================================
11:39:23.0622 5028 Scan finished
11:39:23.0622 5028 ============================================================
11:39:23.0627 4660 Detected object count: 0
11:39:23.0627 4660 Actual detected object count: 0
Geändert von Lebowski (01.02.2012 um 11:50 Uhr) Grund: Wort ergänzt |
|
01.02.2012, 12:07
| #21 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ --> Aus Sicherheitsgründen wird ihr Windowssystem blockiert. |
|
01.02.2012, 12:35
| #22 |
| | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Hallo Arne, Keine Probleme nach Ausführung von Combofix. Der CF Raport [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-01-31.01 - *** 01.02.2012 12:21:13.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8172.6833 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-01 bis 2012-02-01 ))))))))))))))))))))))))))))))
.
.
2012-02-01 11:23 . 2012-02-01 11:23 -------- d-----w- c:\users\***\AppData\Local\temp
2012-02-01 11:23 . 2012-02-01 11:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-01 10:33 . 2012-02-01 11:10 -------- d-----w- c:\users\***\AppData\Roaming\gtk-2.0
2012-02-01 10:33 . 2012-02-01 10:33 -------- d-----w- c:\users\***\.thumbnails
2012-02-01 10:32 . 2012-02-01 10:32 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81DF41D8-CCD8-4A25-AE71-118C5AD88D2B}\offreg.dll
2012-02-01 10:32 . 2012-02-01 11:11 -------- d-----w- c:\users\***\.gimp-2.6
2012-01-31 14:38 . 2012-01-31 14:38 -------- d-----w- c:\program files (x86)\ESET
2012-01-31 14:33 . 2012-01-17 03:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81DF41D8-CCD8-4A25-AE71-118C5AD88D2B}\mpengine.dll
2012-01-31 11:35 . 2012-01-31 11:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-31 11:35 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-28 14:43 . 2012-01-28 14:43 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-01-28 14:40 . 2012-01-28 14:40 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-01-28 14:40 . 2012-01-28 14:40 -------- d-----w- c:\programdata\Malwarebytes
2012-01-12 15:41 . 2012-01-12 15:41 -------- d-----w- c:\users\***\AppData\Local\Apple Computer
2012-01-11 02:01 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 02:01 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 02:01 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 02:01 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 02:01 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 02:01 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 02:01 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 02:01 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-10 19:57 . 2012-01-10 19:57 -------- d-----w- c:\users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-01-10 19:57 . 2012-01-10 19:57 -------- d-----w- c:\users\***\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-01-10 12:44 . 2012-01-10 12:44 -------- d-----w- c:\users\***\AppData\Roaming\IrfanView
2012-01-03 16:55 . 2012-01-03 16:55 -------- d-----w- c:\users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-01-03 09:38 . 2012-01-03 09:38 -------- d-----w- c:\users\***\AppData\Local\Apple
2012-01-02 15:58 . 2012-01-02 15:59 -------- d-----w- c:\users\***\AppData\Roaming\Canon
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 14:34 . 2011-06-01 11:10 163533 ----a-w- c:\programdata\bdinstall.bin
2011-12-07 09:39 . 2010-11-21 03:27 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:52 . 2011-12-15 00:01 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-15 00:01 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-15 00:01 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 01:41 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 01:41 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 01:41 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 01:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 01:41 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 01:41 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 01:41 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 01:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GMX SMS-Manager"="c:\program files (x86)\GMX\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 3539968]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2011-12-24 1080904]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"OTL"="E:\OTL.exe" [2012-01-13 584192]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 89239493
*Deregistered* - 89239493
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"LinkInstaller"="c:\program files\Common Files\LinkInstaller.exe" [2010-07-08 101544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\t358zqw7.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-World Wind Analytic Surface - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.032"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bwf"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cel"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CRW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUR\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DJVU\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.flc"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fli"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICL\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.int"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3940824597-3917486049-4197397709-1000)
"Progid"="ACDSee Foto-Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kar"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KDC\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.m15"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.m1a"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.m2a"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.m75"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mpv"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pics"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-3940824597-3917486049-4197397709-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3940824597-3917486049-4197397709-1000)
"Progid"="ACDSee Foto-Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.qcp"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.qtpf"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sfil"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SGI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.smf"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.smi"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.smil"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sml"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.swa"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-3940824597-3917486049-4197397709-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ulw"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.vfw"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-3940824597-3917486049-4197397709-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@=hex:ce,84,29,5f,e6,38,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:92,94,f5,4d,e6,38,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:b4,d3,0f,4e,e6,38,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:e1,94,0a,4d,e6,38,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:91,00,20,4e,e6,38,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-01 12:24:26
ComboFix-quarantined-files.txt 2012-02-01 11:24
.
Vor Suchlauf: 8 Verzeichnis(se), 90.439.884.800 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 90.071.236.608 Bytes frei
.
- - End Of File - - DD700A30BBADFF9FF80C0238935B7D4A
|
|
01.02.2012, 14:19
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.02.2012, 14:37
| #24 |
| | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Hallo Arne, Weder "fixMBR" noch "EXIT" gedrückt. Scannmodus war der default "quick" scann. __________________________ Zwischenstatus: Denn der Rechner ist jetzt wieder flott, wie am ersten Tag. (Zugriff auf die Laufwerke) ___________________________ Hier das aswMBR Code:
ATTFilter aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-01 14:25:33
-----------------------------
14:25:33.084 OS Version: Windows x64 6.1.7601 Service Pack 1
14:25:33.084 Number of processors: 8 586 0x2A07
14:25:33.084 ComputerName: *** UserName: ***
14:25:33.242 Initialize success
14:27:07.759 AVAST engine defs: 12020100
14:27:33.514 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
14:27:33.516 Disk 0 Vendor: Intel___ 1.0. Size: 1907726MB BusType: 8
14:27:33.518 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
14:27:33.521 Disk 1 Vendor: OCZ-VERT 1.29 Size: 152627MB BusType: 8
14:27:33.524 Disk 1 MBR read successfully
14:27:33.527 Disk 1 MBR scan
14:27:33.531 Disk 1 Windows 7 default MBR code
14:27:33.534 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:27:33.538 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
14:27:33.544 Service scanning
14:27:34.283 Modules scanning
14:27:34.288 Disk 1 trace - called modules:
14:27:34.293 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
14:27:34.299 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80085b8790]
14:27:34.304 3 CLASSPNP.SYS[fffff88001a5a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80071bb050]
14:27:34.483 AVAST engine scan C:\Windows
14:27:35.044 AVAST engine scan C:\Windows\system32
14:28:14.259 AVAST engine scan C:\Windows\system32\drivers
14:28:16.628 AVAST engine scan C:\Users\***
14:28:24.058 AVAST engine scan C:\ProgramData
14:28:29.704 Scan finished successfully
14:28:53.722 Disk 1 MBR has been saved successfully to "E:\MBR.dat"
14:28:53.724 The log file has been saved successfully to "E:\aswMBR.txt"
|
|
01.02.2012, 14:38
| #25 |
| | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Bericht: Hatte beim Versuch zu senden ( Antwort oben) 3 mal Time Out...(zum ersten mal) |
|
01.02.2012, 15:30
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.02.2012, 15:42
| #27 |
| | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Hallo Arne, Bin unsicher weil es auch von dir schon hieß jeden scan mit "fixen" zu beenden - Avast beenden ohne Fix MBR (FIX ist nicht auswählbar)? - Soll ich beim ESET diesmal die externe Platte der Datensicherung anschließen (welches ich beim 1.ESET scann vergessen hatte)? Danke Dir! |
|
01.02.2012, 15:49
| #28 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wird ihr Windowssystem blockiert.Zitat:
 Nur bei Malwarebytes sollen alle Funde entfernt werden Steht doch auch so in den einzelnen Anleitungen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.02.2012, 17:59
| #29 |
| | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Hier der Bericht von Malwarebyte Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.01.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: *** [Administrator] 01.02.2012 15:58:06 mbam-log-2012-02-01 (15-58-06).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 483088 Laufzeit: 11 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
01.02.2012, 18:02
| #30 |
| | Aus Sicherheitsgründen wird ihr Windowssystem blockiert. Einmal Superantispyware (Mist 5 Funde; Ich dachte wenn man FF so einstellt: "mitteilen, daß man nicht verfolgt werden will" sollte sowas nicht da sein?) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 02/01/2012 at 05:14 PM
Application Version : 5.0.1142
Core Rules Database Version : 8187
Trace Rules Database Version: 5999
Scan type : Complete Scan
Total Scan Time : 00:47:45
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 803
Memory threats detected : 0
Registry items scanned : 46108
Registry threats detected : 0
File items scanned : 350283
File threats detected : 5
Adware.Tracking Cookie
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\9PWQMU1T.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\C3829FHC.txt [ Cookie:***@ad.yieldmanager.com/ ]
C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\IL7N0P9G.txt [ Cookie:***@doubleclick.net/ ]
C:\USERS\***\Cookies\9PWQMU1T.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
C:\USERS\***\Cookies\C3829FHC.txt [ Cookie:***@ad.yieldmanager.com/ ]
|
|
| Themen zu Aus Sicherheitsgründen wird ihr Windowssystem blockiert. |
| anweisung, beachten, benutzerkonto, besten, blockiert, code, daten, ebenfalls, falsch, fehlermeldung, festplatte, folge, folgende, gestartet, internetverbindung, laufwerke, neuer, panda, platte, rechner, störung, trojan.agent, verbindung |
Linear-Darstellung
