| |
| |||||||
Log-Analyse und Auswertung: Achtung! Ihr Computer wurde gesperrt (Win Vista)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.02.2012, 17:01
| #1 |
| |  Achtung! Ihr Computer wurde gesperrt (Win Vista) Sehr geehrtes Trojaner-Board Team, vielen Dank, dass es Euch gibt! Ich habe ein WinVista system mit 32 Bit, und habe mir wie viele Vorposter eingefangen, der meinen PC im nicht abgesicherten Modus sperrt. Es erscheint eine Meldung, die vorgibt vom Microsoft Security Center zu kommen mit dem sinngemäßen Inhalt: 100 € innerhalb von 24 h zahlen oder alle persönlichen Daten werden gelöscht etc. Ich habe einen Vollscan mit Malewarebytes durchgeführt (Dauer 1-2 Stunden). Füre jede Art von Hilfe was ich jetzt tuen soll wäre ich sehr dankbar. Den Inhalt des Logs habe ich unten in einen Tag gepackt, und starte den PC jetzt neu, weil Maleware das zum Entfernen der gefundenen Objekte so haben möchte. Code:
ATTFilter Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 12
HKCR\Typelib\{A8954909-1F0F-41A5-A7FA-3B376D69E226} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\VirRLWarning.WarningBHO (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\VirRLWarning.WarningBHO.1 (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\e405.e405mgr (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\VirRL2009 (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A81EBFD7-0FA3-41EC-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.VUPX.ON1) -> Daten: C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securewebinfo.com (Trojan.Zlob) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.safetyincludes.com (Trojan.Zlob) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securemanaging.com (Trojan.Zlob) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|start (Trojan.Zlob) -> Daten: C:\Program Files\Applications\iebtm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 13
HKCU\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 1
C:\Windows\System32\675873 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 13
C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3632b8e3-3b5c011c (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\IUSR_NMPR\Desktop\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\Favorites\Antivirus Scan.url (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\Documents\My Documents.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
|
|
05.02.2012, 20:46
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Achtung! Ihr Computer wurde gesperrt (Win Vista) Log ist unvollständig, der Kopf fehlt. Logs immer vollständig posten!
__________________
__________________ |
|
05.02.2012, 23:21
| #3 |
| | Achtung! Ihr Computer wurde gesperrt (Win Vista) Oh, tut mir Leid, habe ich gar nicht gemerkt.
__________________Ich habe zwischenzeitlich geguckt, ob der PC im normalen Modus wieder läuft. Das tut er anscheinend ganz normal. Muss ich deswegen den Scan nochmal starten? Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.04.02 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.6001.19170 Besitzer :: BESITZER-PC [Administrator] Schutz: Deaktiviert 04.02.2012 14:52:10 mbam-log-2012-02-04 (14-52-10).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 513943 Laufzeit: 1 Stunde(n), 42 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 12 HKCR\Typelib\{A8954909-1F0F-41A5-A7FA-3B376D69E226} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\VirRLWarning.WarningBHO (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\VirRLWarning.WarningBHO.1 (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\e405.e405mgr (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\VirRL2009 (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A81EBFD7-0FA3-41EC-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 5 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.VUPX.ON1) -> Daten: C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securewebinfo.com (Trojan.Zlob) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.safetyincludes.com (Trojan.Zlob) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securemanaging.com (Trojan.Zlob) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|start (Trojan.Zlob) -> Daten: C:\Program Files\Applications\iebtm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 13 HKCU\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 1 C:\Windows\System32\675873 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 13 C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3632b8e3-3b5c011c (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\IUSR_NMPR\Desktop\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Besitzer\Favorites\Antivirus Scan.url (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Besitzer\Documents\My Documents.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
05.02.2012, 23:46
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Computer wurde gesperrt (Win Vista) Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
07.02.2012, 07:47
| #5 |
| | Achtung! Ihr Computer wurde gesperrt (Win Vista) Hallo Arne, danke für die weitere Hilfe. Hier das Log. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=474780e7505edf448ccc6a0ab651a3b8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-07 12:17:39
# local_time=2012-02-07 01:17:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 154832 166093473 0 0
# compatibility_mode=8192 67108863 100 0 3910 3910 0 0
# scanned=315977
# found=12
# cleaned=0
# scan_time=13114
C:\Program Files\Uniblue\RegistryBooster 2010\Launcher.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster 2010\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Besitzer\AppData\Local\Opera\Opera\profile\cache4\temporary_download\Facemoods.exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Besitzer\AppData\Local\Temp\ICReinstall\Facemoods.exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\27209327-47ce5d18 probably a variant of Java/Exploit.CVE-2011-3544.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Besitzer\Downloads\eMule\Temp\014.part a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Besitzer\Downloads\eMule\Temp\022.part a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Besitzer\Downloads\eMule\Temp\028.part a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Besitzer\Downloads\eMule\Temp\031.part a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Besitzer\Downloads\eMule\Temp\034.part a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Besitzer\Downloads\eMule\Temp\039.part a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Besitzer\Downloads\eMule\Temp\046.part a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
|
|
07.02.2012, 12:22
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Computer wurde gesperrt (Win Vista)Zitat:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen. Zerstörst Du die Registry, zerstörst Du Windows. Funktioniert der normale Modus wieder? Wenn ja: Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Achtung! Ihr Computer wurde gesperrt (Win Vista) |
|
08.02.2012, 18:27
| #7 |
| | Achtung! Ihr Computer wurde gesperrt (Win Vista) OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.02.2012 18:01:29 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Besitzer\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 54,15% Memory free 6,71 Gb Paging File | 5,14 Gb Available in Paging File | 76,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 458,27 Gb Total Space | 48,58 Gb Free Space | 10,60% Space Free | Partition Type: NTFS Drive D: | 7,49 Gb Total Space | 1,00 Gb Free Space | 13,38% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 420,07 Gb Free Space | 90,19% Space Free | Partition Type: NTFS Drive G: | 3,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 74,52 Gb Total Space | 23,38 Gb Free Space | 31,38% Space Free | Partition Type: NTFS Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.08 17:57:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Downloads\OTL.exe PRC - [2012.02.02 10:24:42 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe PRC - [2012.01.25 18:49:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.05 15:27:31 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.16 20:02:35 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2011.11.11 20:51:26 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\Steam.exe PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.12.22 18:43:45 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.09 05:19:16 | 000,054,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jureg.exe PRC - [2008.12.04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2008.10.28 23:01:22 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe PRC - [2008.10.28 23:00:40 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe PRC - [2008.10.28 23:00:08 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe PRC - [2008.10.24 13:33:00 | 001,251,720 | ---- | M] () -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe PRC - [2008.10.08 10:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE PRC - [2008.09.30 15:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2008.09.30 15:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2008.09.27 00:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBE.EXE PRC - [2008.06.10 19:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.19 08:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [2008.01.15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.10.19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2007.10.19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.05.29 16:19:08 | 000,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe PRC - [2007.02.10 04:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2007.02.10 04:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2007.01.09 15:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe PRC - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2007.01.04 18:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe PRC - [2006.09.03 10:32:28 | 000,208,896 | ---- | M] () -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe PRC - [2005.03.08 11:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe PRC - [2005.03.04 10:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE ========== Modules (No Company Name) ========== MOD - [2012.01.14 14:53:36 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HPAdvisor\f727af852ac72afb83a7c51fc6d83216\HPAdvisor.ni.exe MOD - [2012.01.14 14:53:31 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll MOD - [2012.01.14 14:53:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll MOD - [2012.01.05 15:27:28 | 014,410,024 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll MOD - [2012.01.05 15:27:14 | 000,194,344 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll MOD - [2012.01.05 15:27:13 | 000,155,432 | ---- | M] () -- C:\Programme\Steam\bin\avformat-52.dll MOD - [2012.01.05 15:27:13 | 000,091,432 | ---- | M] () -- C:\Programme\Steam\bin\avutil-50.dll MOD - [2012.01.05 15:27:12 | 000,914,216 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-52.dll MOD - [2011.10.13 16:56:02 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll MOD - [2011.10.13 15:59:23 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll MOD - [2011.10.13 15:58:39 | 000,338,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SystemStatus\2978900797f76c3eb4088ee4d4476224\SystemStatus.ni.dll MOD - [2011.10.13 15:58:38 | 000,022,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\RemotingClient\017c1b1f5d669fa74a6ed0a8d694eaaa\RemotingClient.ni.dll MOD - [2011.10.13 15:58:35 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingServer\cd3b5fd7e08aed4e0e1ecd31427133b0\MessagingServer.ni.dll MOD - [2011.10.13 15:58:35 | 000,055,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingMessages\1e85cab1b4739e504064dec7d9e273c8\MessagingMessages.ni.dll MOD - [2011.10.13 15:58:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingInterface\27b7334560c8b098e5ae12db6fd4f86a\MessagingInterface.ni.dll MOD - [2011.10.13 15:58:34 | 000,059,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingClients\072a39aba91486f3bd912925141465e2\MessagingClients.ni.dll MOD - [2011.10.13 15:58:32 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Content\e15bf096f987e63379ae59e34a0d6502\Content.ni.dll MOD - [2011.10.13 15:58:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CeeWrtier\7c0dcd11d8a241e3f6051863f6afe497\CeeWrtier.ni.dll MOD - [2011.10.13 15:58:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll MOD - [2011.10.13 15:31:41 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll MOD - [2011.10.13 15:31:25 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll MOD - [2011.10.13 15:31:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll MOD - [2011.10.13 15:31:09 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll MOD - [2011.10.13 15:30:58 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c472b6ac873a7ff2ebc5bb9eb0f9ce0\PresentationFramework.Classic.ni.dll MOD - [2011.10.13 15:30:56 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll MOD - [2011.10.13 15:30:39 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll MOD - [2011.10.13 15:30:27 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll MOD - [2011.10.13 15:30:24 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll MOD - [2011.10.13 15:29:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011.06.19 14:24:21 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2010.11.09 04:08:50 | 000,351,800 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll MOD - [2010.11.09 04:08:48 | 001,502,264 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009.08.05 11:26:14 | 000,061,440 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2009.08.05 11:26:12 | 000,131,072 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MOD - [2009.08.05 11:25:50 | 000,028,672 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.25 02:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2008.12.03 14:05:26 | 000,135,168 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll MOD - [2008.11.26 10:56:02 | 000,057,344 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll MOD - [2008.07.29 13:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2007.11.06 23:20:02 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll MOD - [2007.10.19 12:17:40 | 000,068,120 | ---- | M] () -- C:\Programme\Common Files\logishrd\LVCOMSER\LVCSPS.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.05 15:27:31 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.08.24 18:01:08 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2008.10.28 23:01:22 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2008.10.28 23:00:40 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2008.10.28 23:00:08 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service) SRV - [2008.10.24 13:33:00 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.10.02 18:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2008.06.10 19:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.01.29 16:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.19 12:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2007.10.19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2007.10.19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.05.29 16:19:08 | 000,198,240 | ---- | M] () [Auto | Running] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv) SRV - [2007.01.13 17:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) SRV - [2007.01.12 13:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2007.01.04 18:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2006.09.11 16:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R) SRV - [2006.09.11 16:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R) SRV - [2006.09.11 15:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R) SRV - [2006.09.11 15:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R) SRV - [2006.09.03 10:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService) SRV - [2006.08.31 23:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM) SRV - [2006.05.10 09:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf) SRV - [2005.03.04 10:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service) SRV - [2005.03.04 10:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv) ========== Driver Services (SafeList) ========== DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.10.02 16:27:25 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.10.02 16:27:24 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32) DRV - [2009.08.18 16:09:20 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009.08.16 23:57:00 | 009,545,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.sys -- (SANDRA) DRV - [2009.08.03 18:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2009.08.03 18:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2009.08.03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2009.08.03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS) DRV - [2009.08.03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2009.08.03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2008.10.28 23:01:34 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci) DRV - [2008.10.28 23:01:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2008.10.28 23:01:32 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd) DRV - [2008.10.28 23:01:30 | 000,857,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86) DRV - [2008.10.28 23:01:28 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon) DRV - [2008.10.28 17:03:28 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2008.10.28 17:03:28 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb) DRV - [2008.10.28 17:03:28 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2008.10.02 18:24:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2008.02.26 08:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2008.02.14 02:51:52 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080508.002\IDSvix86.sys -- (IDSvix86) DRV - [2007.11.30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2007.11.30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2007.11.30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007.10.19 12:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap) DRV - [2007.10.12 03:00:54 | 003,647,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC) DRV - [2007.10.12 03:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 03:00:20 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus) DRV - [2007.10.12 03:00:08 | 002,091,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2007.10.12 02:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2007.10.12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2007.10.11 17:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2007.10.11 17:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv) DRV - [2007.04.14 01:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2007.04.13 14:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) DRV - [2005.02.22 01:00:00 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.Google.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.Google.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.Google.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/ IE - HKLM\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.Google.com/ IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.Google.com/ IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.Google.com/ IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/ IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.Google.com/ IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/ IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.defaultthis.engineName: "Max DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Facemoods Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=gppc" FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {53b7f561-e49d-4a38-bc38-0f2642cee09c}:3.9.0.3 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.14 19:49:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 18:26:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.16 20:03:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.16 20:02:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.25 01:15:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 18:26:17 | 000,000,000 | ---D | M] [2009.01.01 20:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions [2012.02.07 19:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions [2012.02.07 19:03:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.04 14:38:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.02.07 19:03:17 | 000,000,000 | ---D | M] (Max DE Community Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{53b7f561-e49d-4a38-bc38-0f2642cee09c} [2010.08.01 22:28:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2011.07.26 23:19:27 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\ffxtlbr@Facemoods.com [2009.12.22 12:23:56 | 000,000,915 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\conduit.xml [2012.02.06 21:42:35 | 000,000,955 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\icqplugin.xml [2008.10.19 01:35:57 | 000,000,276 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\search.xml [2012.02.06 21:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.05.26 22:04:57 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.12.06 22:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.06.08 18:26:17 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [2009.02.18 17:58:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009.03.26 13:19:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010.12.06 22:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.12.16 20:03:10 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2010.12.06 22:55:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009.12.22 04:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.12.22 04:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.07.26 23:22:43 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2009.12.22 04:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2009.12.22 04:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2009.12.22 04:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: facemoods (Enabled) CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: WPI Application Detector (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google-Suche = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Facemoods = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Google Mail = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O2 - BHO: (Reg Error: Value error.) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll File not found O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Max DE Toolbar) - {53B7F561-E49D-4A38-BC38-0F2642CEE09C} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (P2P Max Toolbar) - {72AE8426-3B8D-4EAD-B191-8D0AD1C62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..Trusted Domains: fritz.box ([]* in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{137BBA82-2AF6-4D84-97A7-305ED9505D73}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43684FD5-120A-471B-89C1-9EAF2B4C2D17}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77FCAB2C-53E6-4596-9C3B-78D24F359C8E}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Besitzer\Pictures\Ford-Mustang-934.jpg O24 - Desktop BackupWallPaper: C:\Users\Besitzer\Pictures\Ford-Mustang-934.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.11.06 23:27:19 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.09.26 10:56:31 | 000,000,000 | ---D | M] - G:\AutoPlay -- [ CDFS ] O32 - AutoRun File - [2008.10.17 20:30:51 | 001,046,016 | R--- | M] () - G:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2011.02.15 13:28:38 | 000,000,081 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2012.01.13 16:21:39 | 000,000,000 | ---D | M] - H:\AutomationML -- [ NTFS ] O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2008.10.17 20:30:51 | 001,046,016 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: 00PCTFW - hkey= - key= - File not found MsConfig - StartUpReg: CCUTRAYICON - hkey= - key= - File not found MsConfig - StartUpReg: Comrade.exe - hkey= - key= - C:\Programme\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\KbdStub.exe () MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam\Quickcam.exe () MsConfig - StartUpReg: OsdMaestro - hkey= - key= - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: Symantec PIF AlertEng - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) MsConfig - StartUpReg: VirRL2009 - hkey= - key= - File not found MsConfig - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.) MsConfig - StartUpReg: wblogon - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "services" - 0 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.) Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.06 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.02.04 14:49:34 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes [2012.02.04 14:49:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.04 14:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.04 14:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.04 14:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.08 17:46:50 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79E110A4-E473-4187-AE82-7C74B6077D8B}.job [2012.02.08 17:43:36 | 000,062,716 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.02.08 17:43:36 | 000,062,716 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.02.08 17:43:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.08 17:43:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.08 17:43:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.08 17:43:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.07 22:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.07 17:28:05 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Besitzer.job [2012.02.05 23:05:15 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBesitzer.job [2012.02.04 18:24:30 | 000,002,032 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat [2012.02.04 14:49:31 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.04 14:46:51 | 000,224,768 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.04 11:25:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.01.26 15:25:43 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.01.23 22:59:16 | 000,000,588 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - Besitzer.job [2012.01.13 14:35:37 | 000,813,202 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.13 14:35:37 | 000,684,398 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.13 14:35:37 | 000,191,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.13 14:35:37 | 000,159,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.04 14:49:31 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2010.06.08 18:25:39 | 000,023,664 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.02.26 17:14:19 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI [2010.01.05 21:41:41 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.01.05 21:41:41 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.01.05 21:41:41 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.01.05 21:41:41 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.01.05 21:41:41 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.01.05 21:41:41 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.01.05 21:41:41 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.01.05 21:41:41 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.01.05 21:41:41 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.01.05 21:41:41 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.01.05 21:41:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.01.05 21:41:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.01.05 21:41:41 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.01.05 21:41:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.01.05 21:41:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.01.05 21:41:41 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.01.05 21:41:41 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.01.05 21:41:41 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.01.05 21:41:41 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009.12.18 16:30:17 | 000,000,192 | ---- | C] () -- C:\ProgramData\sandra.ldb [2009.12.18 16:30:01 | 012,206,080 | ---- | C] () -- C:\ProgramData\sandra.mda [2009.10.29 19:16:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.29 19:16:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.23 10:53:21 | 000,062,716 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.10.23 10:53:19 | 000,062,716 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.08.05 14:26:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.07.10 23:02:16 | 000,161,767 | ---- | C] () -- C:\Windows\hpqins00.dat [2009.06.06 18:58:34 | 000,002,032 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat [2009.02.12 01:23:25 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.02.12 01:23:24 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.02.03 16:44:00 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll [2008.12.28 14:55:17 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2008.11.14 11:43:20 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2008.10.27 11:42:08 | 000,000,376 | ---- | C] () -- C:\Windows\mozregistry.dat [2008.10.19 20:37:52 | 000,000,096 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\fusioncache.dat [2008.10.19 16:10:40 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.10.19 16:10:39 | 000,022,328 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\PnkBstrK.sys [2008.10.19 16:09:49 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.10.19 16:09:43 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.10.19 16:09:42 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2008.10.19 13:57:10 | 000,000,182 | ---- | C] () -- C:\Windows\wininit.ini [2008.10.18 21:18:59 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.10.18 21:17:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.10.18 21:15:11 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat [2008.09.29 13:33:28 | 000,160,424 | ---- | C] () -- C:\Windows\hpoins15.dat [2008.09.29 13:33:28 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat [2008.04.22 09:02:55 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2008.02.18 19:31:20 | 000,224,768 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.09 09:31:15 | 000,000,012 | ---- | C] () -- C:\Windows\dirsaver.ini [2008.01.31 18:23:25 | 000,000,552 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d8caps.dat [2008.01.31 16:42:21 | 000,000,100 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\wklnhst.dat [2007.11.07 07:31:13 | 000,813,202 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.11.07 07:31:13 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.11.07 07:31:13 | 000,191,688 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.11.07 07:31:13 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.11.06 23:20:37 | 000,114,973 | ---- | C] () -- C:\Windows\hpqins13.dat [2007.11.06 23:09:12 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe [2007.11.06 23:06:29 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2007.11.06 23:06:29 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2007.10.11 17:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2007.07.19 16:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,361,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,684,398 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,159,558 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.06.23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll ========== LOP Check ========== [2011.03.15 23:37:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ChessBase [2010.03.16 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Epson [2010.04.01 01:01:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\FRITZ! [2008.11.29 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ [2011.10.02 04:59:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade [2011.09.21 18:27:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade With Fire and Sword [2008.03.16 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\muvee Technologies [2008.10.24 17:28:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org [2008.10.18 19:57:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Opera [2009.12.22 19:24:20 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\shockvoice [2008.01.31 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Template [2011.04.16 17:28:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\The Creative Assembly [2010.01.24 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client [2010.01.18 16:00:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft [2009.10.02 20:21:16 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Uniblue [2008.04.14 16:20:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinBatch [2012.02.07 22:31:24 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.02.08 17:46:50 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{79E110A4-E473-4187-AE82-7C74B6077D8B}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.12.22 23:45:55 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Adobe [2010.05.22 12:14:14 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Apple Computer [2011.03.15 23:37:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ChessBase [2010.05.12 15:41:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DivX [2011.06.02 01:29:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\dvdcss [2010.03.16 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Epson [2010.04.01 01:01:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\FRITZ! [2008.02.08 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Google [2009.10.25 14:04:19 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Hewlett-Packard [2008.09.29 13:49:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\HP [2010.07.07 22:17:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\HPAppData [2008.11.29 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ [2008.01.28 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Identities [2008.10.18 22:08:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\InstallShield [2008.02.08 18:51:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Macromedia [2012.02.04 14:49:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Media Center Programs [2011.12.22 23:45:55 | 000,000,000 | --SD | M] -- C:\Users\Besitzer\AppData\Roaming\Microsoft [2011.10.02 04:59:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade [2011.09.21 18:27:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade With Fire and Sword [2009.01.01 20:58:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mozilla [2008.03.16 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\muvee Technologies [2008.10.24 17:28:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org [2008.10.18 19:57:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Opera [2011.12.20 00:55:48 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Real [2008.03.16 14:03:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Roxio [2009.12.22 19:24:20 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\shockvoice [2011.01.08 15:58:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Skype [2009.06.17 18:02:00 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sun [2008.10.18 21:17:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Talkback [2012.02.03 21:33:38 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\teamspeak2 [2008.01.31 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Template [2011.04.16 17:28:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\The Creative Assembly [2010.01.24 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client [2010.01.18 16:00:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft [2009.10.02 20:21:16 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Uniblue [2009.06.22 15:37:24 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ventrilo [2008.11.14 21:27:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\vlc [2010.02.26 17:31:52 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\VMware [2008.04.14 16:20:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinBatch [2008.03.07 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinRAR [2010.05.12 15:34:23 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2011.06.19 14:23:35 | 003,082,400 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2008.04.17 10:26:20 | 000,010,134 | R--- | M] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe [2008.04.04 18:19:04 | 000,010,134 | R--- | M] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe [2010.07.10 22:48:04 | 000,673,610 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe [2010.03.13 15:58:06 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\setup3.10\setup.exe [2010.05.28 19:22:19 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\setup3.11\setup.exe [2011.01.25 23:16:31 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\setup3.13\setup.exe [2011.11.18 19:21:35 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.23 12:17:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.23 12:17:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.23 12:17:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.11.07 07:39:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.11.07 07:39:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Files - Unicode (All) ========== [2009.12.21 23:23:09 | 001,389,056 | ---- | M] ()(C:\Users\Besitzer\Desktop\Pr?si 22.12.2009 Version 5.0.ppt) -- C:\Users\Besitzer\Desktop\Pr�si 22.12.2009 Version 5.0.ppt [2009.12.21 23:23:09 | 001,389,056 | ---- | C] ()(C:\Users\Besitzer\Desktop\Pr?si 22.12.2009 Version 5.0.ppt) -- C:\Users\Besitzer\Desktop\Pr�si 22.12.2009 Version 5.0.ppt [2009.12.19 20:10:37 | 000,024,576 | ---- | M] ()(C:\Users\Besitzer\Desktop\Zu beachten f?r Dokumentation und vor allem f?r die Pr?si.doc) -- C:\Users\Besitzer\Desktop\Zu beachten f�r Dokumentation und vor allem f�r die Pr�si.doc [2009.12.19 20:10:37 | 000,024,576 | ---- | C] ()(C:\Users\Besitzer\Desktop\Zu beachten f?r Dokumentation und vor allem f?r die Pr?si.doc) -- C:\Users\Besitzer\Desktop\Zu beachten f�r Dokumentation und vor allem f�r die Pr�si.doc [2009.11.18 16:14:05 | 000,041,984 | ---- | M] ()(C:\Users\Besitzer\Desktop\Konzept f?r Vorbereitungsblock.doc) -- C:\Users\Besitzer\Desktop\Konzept f�r Vorbereitungsblock.doc [2009.11.18 16:14:04 | 000,041,984 | ---- | C] ()(C:\Users\Besitzer\Desktop\Konzept f?r Vorbereitungsblock.doc) -- C:\Users\Besitzer\Desktop\Konzept f�r Vorbereitungsblock.doc [2009.06.11 19:38:12 | 000,611,840 | ---- | M] ()(C:\Users\Besitzer\Documents\EVB_Pr?si_martin_Samir.ppt) -- C:\Users\Besitzer\Documents\EVB_Pr�si_martin_Samir.ppt [2009.06.11 19:38:10 | 000,611,840 | ---- | C] ()(C:\Users\Besitzer\Documents\EVB_Pr?si_martin_Samir.ppt) -- C:\Users\Besitzer\Documents\EVB_Pr�si_martin_Samir.ppt [2009.06.01 15:51:43 | 000,026,749 | ---- | M] ()(C:\Users\Besitzer\Documents\F?rderung von Teamkompetenz_Samir.pdf) -- C:\Users\Besitzer\Documents\F�rderung von Teamkompetenz_Samir.pdf [2009.06.01 15:51:43 | 000,026,749 | ---- | C] ()(C:\Users\Besitzer\Documents\F?rderung von Teamkompetenz_Samir.pdf) -- C:\Users\Besitzer\Documents\F�rderung von Teamkompetenz_Samir.pdf ========== Alternate Data Streams ========== @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:825D5945 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C31F31E6 < End of report > |
|
09.02.2012, 11:37
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Computer wurde gesperrt (Win Vista) Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKLM\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Max DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=gppc"
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
[2012.02.07 19:03:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.04 14:38:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.02.07 19:03:17 | 000,000,000 | ---D | M] (Max DE Community Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{53b7f561-e49d-4a38-bc38-0f2642cee09c}
[2010.08.01 22:28:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2011.07.26 23:19:27 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\ffxtlbr@Facemoods.com
[2009.12.22 12:23:56 | 000,000,915 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\conduit.xml
[2012.02.06 21:42:35 | 000,000,955 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\icqplugin.xml
[2008.10.19 01:35:57 | 000,000,276 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\search.xml
2009.05.26 22:04:57 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2011.07.26 23:22:43 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
CHR - Extension: Facemoods = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O2 - BHO: (Reg Error: Value error.) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Max DE Toolbar) - {53B7F561-E49D-4A38-BC38-0F2642CEE09C} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (P2P Max Toolbar) - {72AE8426-3B8D-4EAD-B191-8D0AD1C62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.06 23:27:19 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.13 16:21:39 | 000,000,000 | ---D | M] - H:\AutomationML -- [ NTFS ]
O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2008.10.17 20:30:51 | 001,046,016 | R--- | M] ()
MsConfig - StartUpReg: 00PCTFW - hkey= - key= - File not found
MsConfig - StartUpReg: CCUTRAYICON - hkey= - key= - File not found
MsConfig - StartUpReg: VirRL2009 - hkey= - key= - File not found
MsConfig - StartUpReg: wblogon - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:825D5945
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C31F31E6
:Files
C:\Users\Besitzer\AppData\Roaming\Uniblue
C:\Program Files\Uniblue
C:\Users\Besitzer\AppData\Local\Opera\Opera\profile\cache4\temporary_download\Facemoods.exe
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
C:\Users\Besitzer\Downloads\eMule
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.02.2012, 20:25
| #9 |
| | Achtung! Ihr Computer wurde gesperrt (Win Vista) Vielen Dank für die Hilfe!! Nach ein paar Minuten hat Windows OTL "beendet" mit "Programm reagiert nicht". Nach dem Reboot kam folgender Text: Code:
ATTFilter Files\Folders moved on Reboot...
File move failed. c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll scheduled to be moved on reboot.
File move failed. c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll scheduled to be moved on reboot.
File move failed. G:\autorun.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ .
|
|
09.02.2012, 22:31
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Computer wurde gesperrt (Win Vista) Wiederhol den Fix bitte
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.02.2012, 17:13
| #11 |
| | Achtung! Ihr Computer wurde gesperrt (Win Vista) Vielen lieben Dank, es scheint alles geklappt zu haben!! Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\w\\| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{53b7f561-e49d-4a38-bc38-0f2642cee09c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
File C:\Programme\Max_DE\tbMax_.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{72ae8426-3b8d-4ead-b191-8d0ad1c62158} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.
File C:\Programme\P2P_Max\tbP2P1.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\SearchURL\w\\| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{53b7f561-e49d-4a38-bc38-0f2642cee09c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
File C:\Programme\Max_DE\tbMax_.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{72ae8426-3b8d-4ead-b191-8d0ad1c62158} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.
File C:\Programme\P2P_Max\tbP2P1.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Prefs.js: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Max DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Facemoods Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.facemoods.com/?a=gppc" removed from browser.startup.homepage
Prefs.js: ffxtlbr@Facemoods.com:1.3.0 removed from extensions.enabledItems
Prefs.js: smartwebprinting@hp.com:4.60 removed from extensions.enabledItems
C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\ not found.
Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ not found.
Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\ffxtlbr@Facemoods.com\ not found.
File C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\conduit.xml not found.
File C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\icqplugin.xml not found.
File C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\search.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml not found.
Unable to fix default_search_provider items.
File C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ .
File c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ not found.
File C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
File C:\Programme\Max_DE\tbMax_.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.
File C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.
File C:\Programme\P2P_Max\tbP2P1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
File C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
File c:\Programme\Google\GoogleToolbar2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{53b7f561-e49d-4a38-bc38-0f2642cee09c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
File C:\Programme\Max_DE\tbMax_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{72ae8426-3b8d-4ead-b191-8d0ad1c62158} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.
File C:\Programme\P2P_Max\tbP2P1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90222687-F593-4738-B738-FBEE9C7B26DF} not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90222687-F593-4738-B738-FBEE9C7B26DF}\ .
File c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
File C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.
File C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File c:\Programme\Google\GoogleToolbar2.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{53B7F561-E49D-4A38-BC38-0F2642CEE09C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53B7F561-E49D-4A38-BC38-0F2642CEE09C}\ not found.
File C:\Programme\Max_DE\tbMax_.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{72AE8426-3B8D-4EAD-B191-8D0AD1C62158} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72AE8426-3B8D-4EAD-B191-8D0AD1C62158}\ not found.
File C:\Programme\P2P_Max\tbP2P1.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.
File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ not found.
File move failed. G:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\00PCTFW\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CCUTRAYICON\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\VirRL2009\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\wblogon\ not found.
Unable to delete ADS C:\ProgramData\TEMP:825D5945 .
Unable to delete ADS C:\ProgramData\TEMP:C31F31E6 .
========== FILES ==========
File\Folder C:\Users\Besitzer\AppData\Roaming\Uniblue not found.
File\Folder C:\Program Files\Uniblue not found.
File\Folder C:\Users\Besitzer\AppData\Local\Opera\Opera\profile\cache4\temporary_download\Facemoods.exe not found.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
File\Folder C:\Users\Besitzer\Downloads\eMule not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Besitzer
->Temp folder emptied: 700095 bytes
->Temporary Internet Files folder emptied: 33521 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25346440 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1047 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 314406457 bytes
RecycleBin emptied: 8205124326 bytes
Total Files Cleaned = 8.150,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 02112012_154715
Files\Folders moved on Reboot...
File move failed. G:\autorun.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000006853BEF54980C6EEAF not found!
File\Folder C:\Windows\temp\TMP000000691218B65509F332A8 not found!
File\Folder C:\Windows\temp\TMP0000006EBAAD5C4C8E77FEED not found!
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ .
|
|
12.02.2012, 14:22
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Computer wurde gesperrt (Win Vista) Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.02.2012, 21:46
| #13 |
| | Achtung! Ihr Computer wurde gesperrt (Win Vista) Ich kann auf alle persönlichen Dokumente, Programme, etc. zugreifen. Das Ergebenis vom TDSS-Killer lautet wie folgt: Code:
ATTFilter 21:39:36.0838 5224 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
21:39:38.0840 5224 ============================================================
21:39:38.0840 5224 Current date / time: 2012/02/13 21:39:38.0840
21:39:38.0840 5224 SystemInfo:
21:39:38.0840 5224
21:39:38.0840 5224 OS Version: 6.0.6002 ServicePack: 2.0
21:39:38.0840 5224 Product type: Workstation
21:39:38.0840 5224 ComputerName: BESITZER-PC
21:39:38.0840 5224 UserName: Besitzer
21:39:38.0841 5224 Windows directory: C:\Windows
21:39:38.0841 5224 System windows directory: C:\Windows
21:39:38.0841 5224 Processor architecture: Intel x86
21:39:38.0841 5224 Number of processors: 4
21:39:38.0841 5224 Page size: 0x1000
21:39:38.0841 5224 Boot type: Normal boot
21:39:38.0841 5224 ============================================================
21:39:40.0250 5224 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:39:40.0275 5224 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:39:40.0278 5224 Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:39:40.0691 5224 \Device\Harddisk0\DR0:
21:39:40.0692 5224 MBR used
21:39:40.0692 5224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x39488EB0
21:39:40.0692 5224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x39488EEF, BlocksNum 0xEFBD52
21:39:40.0692 5224 \Device\Harddisk1\DR1:
21:39:40.0692 5224 MBR used
21:39:40.0692 5224 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
21:39:40.0692 5224 \Device\Harddisk2\DR2:
21:39:40.0692 5224 MBR used
21:39:40.0708 5224 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x950A5C1
21:39:40.0879 5224 Initialize success
21:39:40.0879 5224 ============================================================
21:40:23.0049 6108 ============================================================
21:40:23.0049 6108 Scan started
21:40:23.0049 6108 Mode: Manual; SigCheck; TDLFS;
21:40:23.0049 6108 ============================================================
21:40:23.0469 6108 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:40:23.0562 6108 ACPI - ok
21:40:23.0633 6108 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:40:23.0662 6108 adp94xx - ok
21:40:23.0717 6108 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:40:23.0731 6108 adpahci - ok
21:40:23.0750 6108 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:40:23.0760 6108 adpu160m - ok
21:40:23.0780 6108 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:40:23.0792 6108 adpu320 - ok
21:40:23.0862 6108 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:40:23.0931 6108 AFD - ok
21:40:23.0980 6108 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:40:23.0990 6108 agp440 - ok
21:40:24.0020 6108 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:40:24.0029 6108 aic78xx - ok
21:40:24.0066 6108 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:40:24.0075 6108 aliide - ok
21:40:24.0089 6108 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:40:24.0099 6108 amdagp - ok
21:40:24.0117 6108 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:40:24.0125 6108 amdide - ok
21:40:24.0139 6108 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:40:24.0300 6108 AmdK7 - ok
21:40:24.0326 6108 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:40:24.0386 6108 AmdK8 - ok
21:40:24.0450 6108 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:40:24.0459 6108 arc - ok
21:40:24.0481 6108 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:40:24.0490 6108 arcsas - ok
21:40:24.0538 6108 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:40:24.0661 6108 AsyncMac - ok
21:40:24.0694 6108 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:40:24.0701 6108 atapi - ok
21:40:24.0781 6108 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
21:40:24.0822 6108 atksgt - ok
21:40:24.0879 6108 AVMUNET (077b3692f4376d1539755761feef659a) C:\Windows\system32\DRIVERS\avmunet.sys
21:40:24.0962 6108 AVMUNET - ok
21:40:25.0018 6108 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:40:25.0072 6108 Beep - ok
21:40:25.0086 6108 blbdrive - ok
21:40:25.0139 6108 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:40:25.0195 6108 bowser - ok
21:40:25.0233 6108 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:40:25.0318 6108 BrFiltLo - ok
21:40:25.0345 6108 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:40:25.0392 6108 BrFiltUp - ok
21:40:25.0432 6108 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:40:25.0513 6108 Brserid - ok
21:40:25.0567 6108 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:40:25.0656 6108 BrSerWdm - ok
21:40:25.0684 6108 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:40:25.0755 6108 BrUsbMdm - ok
21:40:25.0777 6108 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:40:25.0840 6108 BrUsbSer - ok
21:40:25.0875 6108 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:40:25.0958 6108 BTHMODEM - ok
21:40:26.0022 6108 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:40:26.0080 6108 cdfs - ok
21:40:26.0124 6108 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:40:26.0187 6108 cdrom - ok
21:40:26.0238 6108 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
21:40:26.0281 6108 circlass - ok
21:40:26.0436 6108 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:40:26.0470 6108 CLFS - ok
21:40:26.0516 6108 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:40:26.0524 6108 cmdide - ok
21:40:26.0540 6108 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
21:40:26.0549 6108 Compbatt - ok
21:40:26.0572 6108 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:40:26.0580 6108 crcdisk - ok
21:40:26.0601 6108 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:40:26.0662 6108 Crusoe - ok
21:40:26.0750 6108 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:40:26.0814 6108 DfsC - ok
21:40:26.0878 6108 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:40:26.0887 6108 disk - ok
21:40:27.0016 6108 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:40:27.0116 6108 Dot4 - ok
21:40:27.0158 6108 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:40:27.0181 6108 Dot4Print - ok
21:40:27.0216 6108 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:40:27.0238 6108 dot4usb - ok
21:40:27.0287 6108 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:40:27.0325 6108 drmkaud - ok
21:40:27.0387 6108 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:40:27.0460 6108 DXGKrnl - ok
21:40:27.0552 6108 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
21:40:27.0566 6108 e1express - ok
21:40:27.0621 6108 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:40:27.0687 6108 E1G60 - ok
21:40:27.0754 6108 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:40:27.0764 6108 Ecache - ok
21:40:27.0798 6108 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:40:27.0813 6108 elxstor - ok
21:40:27.0860 6108 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:40:27.0915 6108 exfat - ok
21:40:27.0968 6108 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:40:28.0013 6108 fastfat - ok
21:40:28.0054 6108 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:40:28.0122 6108 fdc - ok
21:40:28.0169 6108 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:40:28.0177 6108 FileInfo - ok
21:40:28.0216 6108 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:40:28.0275 6108 Filetrace - ok
21:40:28.0308 6108 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:40:28.0379 6108 flpydisk - ok
21:40:28.0459 6108 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:40:28.0480 6108 FltMgr - ok
21:40:28.0516 6108 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:40:28.0555 6108 Fs_Rec - ok
21:40:28.0588 6108 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:40:28.0597 6108 gagp30kx - ok
21:40:28.0659 6108 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:40:28.0678 6108 GEARAspiWDM - ok
21:40:28.0751 6108 hcmon (dffc465c0a31dd2a86c4dd0a552aded8) C:\Windows\system32\drivers\hcmon.sys
21:40:28.0760 6108 hcmon - ok
21:40:28.0790 6108 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:40:28.0834 6108 HdAudAddService - ok
21:40:28.0874 6108 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:40:28.0930 6108 HDAudBus - ok
21:40:28.0972 6108 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:40:29.0040 6108 HidBth - ok
21:40:29.0084 6108 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
21:40:29.0102 6108 HidIr - ok
21:40:29.0130 6108 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:40:29.0155 6108 HidUsb - ok
21:40:29.0184 6108 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:40:29.0201 6108 HpCISSs - ok
21:40:29.0253 6108 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:40:29.0350 6108 HTTP - ok
21:40:29.0397 6108 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:40:29.0420 6108 i2omp - ok
21:40:29.0454 6108 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:40:29.0472 6108 i8042prt - ok
21:40:29.0535 6108 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
21:40:29.0666 6108 ialm - ok
21:40:29.0759 6108 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:40:29.0780 6108 iaStorV - ok
21:40:29.0901 6108 IDSvix86 (f49b22e2cc15de6e752fc8cb24eb7069) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys
21:40:29.0929 6108 IDSvix86 - ok
21:40:29.0948 6108 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:40:29.0957 6108 iirsp - ok
21:40:30.0037 6108 IntcAzAudAddService (edc37b918e583a5a813c53d4f5588255) C:\Windows\system32\drivers\RTKVHDA.sys
21:40:30.0114 6108 IntcAzAudAddService - ok
21:40:30.0156 6108 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
21:40:30.0164 6108 intelide - ok
21:40:30.0198 6108 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:40:30.0244 6108 intelppm - ok
21:40:30.0287 6108 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:40:30.0333 6108 IpFilterDriver - ok
21:40:30.0343 6108 IpInIp - ok
21:40:30.0374 6108 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:40:30.0435 6108 IPMIDRV - ok
21:40:30.0467 6108 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:40:30.0511 6108 IPNAT - ok
21:40:30.0574 6108 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:40:30.0644 6108 IRENUM - ok
21:40:30.0757 6108 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:40:30.0766 6108 isapnp - ok
21:40:30.0801 6108 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:40:30.0812 6108 iScsiPrt - ok
21:40:30.0833 6108 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:40:30.0854 6108 iteatapi - ok
21:40:30.0881 6108 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:40:30.0892 6108 iteraid - ok
21:40:30.0902 6108 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:40:30.0911 6108 kbdclass - ok
21:40:30.0944 6108 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:40:30.0980 6108 kbdhid - ok
21:40:31.0030 6108 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:40:31.0050 6108 KSecDD - ok
21:40:31.0136 6108 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
21:40:31.0146 6108 lirsgt - ok
21:40:31.0181 6108 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:40:31.0231 6108 lltdio - ok
21:40:31.0268 6108 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:40:31.0289 6108 LSI_FC - ok
21:40:31.0312 6108 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:40:31.0322 6108 LSI_SAS - ok
21:40:31.0342 6108 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:40:31.0352 6108 LSI_SCSI - ok
21:40:31.0382 6108 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:40:31.0405 6108 luafv - ok
21:40:31.0477 6108 LVcKap (8113133ec42dd6c566908008ce913edd) C:\Windows\system32\DRIVERS\LVcKap.sys
21:40:31.0554 6108 LVcKap - ok
21:40:31.0714 6108 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\Windows\system32\DRIVERS\LVMVDrv.sys
21:40:31.0814 6108 LVMVDrv - ok
21:40:31.0991 6108 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\Windows\system32\DRIVERS\lvpopflt.sys
21:40:32.0074 6108 lvpopflt - ok
21:40:32.0108 6108 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
21:40:32.0142 6108 LVPr2Mon - ok
21:40:32.0227 6108 LVRS (26dc8ebcce7d0e49680af6fca7b7aa38) C:\Windows\system32\DRIVERS\lvrs.sys
21:40:32.0334 6108 LVRS - ok
21:40:32.0378 6108 lvselsus (3e0c7b317f2564ca8fc87b90e1d16e66) C:\Windows\system32\DRIVERS\lvselsus.sys
21:40:32.0413 6108 lvselsus - ok
21:40:32.0482 6108 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\Windows\system32\drivers\LVUSBSta.sys
21:40:32.0515 6108 LVUSBSta - ok
21:40:32.0639 6108 LVUVC (eacd1eb2d82ed2adc753afeee1d4d660) C:\Windows\system32\DRIVERS\lvuvc.sys
21:40:32.0825 6108 LVUVC - ok
21:40:32.0924 6108 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
21:40:32.0933 6108 MBAMProtector - ok
21:40:32.0969 6108 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:40:32.0978 6108 megasas - ok
21:40:33.0009 6108 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:40:33.0051 6108 Modem - ok
21:40:33.0098 6108 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:40:33.0131 6108 monitor - ok
21:40:33.0160 6108 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:40:33.0175 6108 mouclass - ok
21:40:33.0190 6108 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:40:33.0240 6108 mouhid - ok
21:40:33.0285 6108 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:40:33.0295 6108 MountMgr - ok
21:40:33.0319 6108 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:40:33.0331 6108 mpio - ok
21:40:33.0342 6108 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:40:33.0384 6108 mpsdrv - ok
21:40:33.0418 6108 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:40:33.0427 6108 Mraid35x - ok
21:40:33.0446 6108 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:40:33.0506 6108 MRxDAV - ok
21:40:33.0553 6108 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:40:33.0618 6108 mrxsmb - ok
21:40:33.0684 6108 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:40:33.0722 6108 mrxsmb10 - ok
21:40:33.0757 6108 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:40:33.0793 6108 mrxsmb20 - ok
21:40:33.0826 6108 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
21:40:33.0835 6108 msahci - ok
21:40:33.0846 6108 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:40:33.0856 6108 msdsm - ok
21:40:33.0894 6108 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:40:33.0944 6108 Msfs - ok
21:40:34.0001 6108 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:40:34.0009 6108 msisadrv - ok
21:40:34.0046 6108 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:40:34.0094 6108 MSKSSRV - ok
21:40:34.0150 6108 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:40:34.0199 6108 MSPCLOCK - ok
21:40:34.0244 6108 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:40:34.0269 6108 MSPQM - ok
21:40:34.0303 6108 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:40:34.0314 6108 MsRPC - ok
21:40:34.0327 6108 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:40:34.0339 6108 mssmbios - ok
21:40:34.0376 6108 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:40:34.0406 6108 MSTEE - ok
21:40:34.0459 6108 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:40:34.0468 6108 Mup - ok
21:40:34.0519 6108 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:40:34.0547 6108 NativeWifiP - ok
21:40:34.0600 6108 NAVENG - ok
21:40:34.0607 6108 NAVEX15 - ok
21:40:34.0645 6108 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:40:34.0690 6108 NDIS - ok
21:40:34.0763 6108 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:40:34.0801 6108 NdisTapi - ok
21:40:35.0075 6108 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:40:35.0099 6108 Ndisuio - ok
21:40:35.0134 6108 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:40:35.0173 6108 NdisWan - ok
21:40:35.0222 6108 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:40:35.0261 6108 NDProxy - ok
21:40:35.0305 6108 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:40:35.0328 6108 NetBIOS - ok
21:40:35.0490 6108 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:40:35.0535 6108 netbt - ok
21:40:35.0647 6108 netr73 (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys
21:40:35.0716 6108 netr73 - ok
21:40:35.0750 6108 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:40:35.0759 6108 nfrd960 - ok
21:40:35.0898 6108 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:40:35.0930 6108 Npfs - ok
21:40:36.0006 6108 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:40:36.0037 6108 nsiproxy - ok
21:40:36.0158 6108 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:40:36.0204 6108 Ntfs - ok
21:40:36.0251 6108 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:40:36.0330 6108 ntrigdigi - ok
21:40:36.0369 6108 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:40:36.0411 6108 Null - ok
21:40:36.0720 6108 nvlddmkm (c14e3c26a348e359b89b4a02279d76c4) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:40:37.0145 6108 nvlddmkm - ok
21:40:37.0175 6108 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:40:37.0209 6108 nvraid - ok
21:40:37.0247 6108 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:40:37.0255 6108 nvstor - ok
21:40:37.0279 6108 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:40:37.0289 6108 nv_agp - ok
21:40:37.0298 6108 NwlnkFlt - ok
21:40:37.0306 6108 NwlnkFwd - ok
21:40:37.0383 6108 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:40:37.0400 6108 ohci1394 - ok
21:40:37.0417 6108 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:40:37.0476 6108 Parport - ok
21:40:37.0516 6108 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:40:37.0524 6108 partmgr - ok
21:40:37.0786 6108 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:40:37.0851 6108 Parvdm - ok
21:40:37.0891 6108 PCDSRVC{D5068648-4046B656-06000000}_0 - ok
21:40:37.0929 6108 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:40:37.0940 6108 pci - ok
21:40:37.0964 6108 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
21:40:37.0972 6108 pciide - ok
21:40:38.0052 6108 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:40:38.0065 6108 pcmcia - ok
21:40:38.0108 6108 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:40:38.0170 6108 PEAUTH - ok
21:40:38.0220 6108 PID_0928 (3551190e9cf1eb4c0971bdef4269ca25) C:\Windows\system32\DRIVERS\LV561AV.SYS
21:40:38.0246 6108 PID_0928 - ok
21:40:38.0314 6108 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:40:38.0359 6108 PptpMiniport - ok
21:40:38.0392 6108 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:40:38.0454 6108 Processor - ok
21:40:38.0518 6108 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
21:40:38.0569 6108 Ps2 - ok
21:40:38.0631 6108 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:40:38.0680 6108 PSched - ok
21:40:38.0723 6108 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
21:40:38.0732 6108 PxHelp20 - ok
21:40:38.0772 6108 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:40:38.0816 6108 ql2300 - ok
21:40:38.0842 6108 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:40:38.0853 6108 ql40xx - ok
21:40:38.0883 6108 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:40:38.0942 6108 QWAVEdrv - ok
21:40:38.0974 6108 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:40:39.0020 6108 RasAcd - ok
21:40:39.0066 6108 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:40:39.0115 6108 Rasl2tp - ok
21:40:39.0143 6108 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:40:39.0183 6108 RasPppoe - ok
21:40:39.0219 6108 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:40:39.0253 6108 RasSstp - ok
21:40:39.0299 6108 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:40:39.0319 6108 rdbss - ok
21:40:39.0350 6108 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:40:39.0396 6108 RDPCDD - ok
21:40:39.0449 6108 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:40:39.0509 6108 rdpdr - ok
21:40:39.0539 6108 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:40:39.0589 6108 RDPENCDD - ok
21:40:39.0648 6108 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:40:39.0685 6108 RDPWD - ok
21:40:39.0935 6108 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
21:40:39.0967 6108 RivaTuner32 ( UnsignedFile.Multi.Generic ) - warning
21:40:39.0967 6108 RivaTuner32 - detected UnsignedFile.Multi.Generic (1)
21:40:40.0007 6108 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:40:40.0031 6108 rspndr - ok
21:40:40.0125 6108 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys
21:40:40.0134 6108 SANDRA - ok
21:40:40.0150 6108 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:40:40.0161 6108 sbp2port - ok
21:40:40.0175 6108 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:40:40.0237 6108 secdrv - ok
21:40:40.0365 6108 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:40:40.0433 6108 Serenum - ok
21:40:40.0466 6108 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:40:40.0511 6108 Serial - ok
21:40:40.0543 6108 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:40:40.0595 6108 sermouse - ok
21:40:40.0632 6108 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
21:40:40.0668 6108 sffdisk - ok
21:40:40.0699 6108 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
21:40:40.0753 6108 sffp_mmc - ok
21:40:40.0779 6108 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
21:40:40.0829 6108 sffp_sd - ok
21:40:40.0864 6108 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:40:40.0932 6108 sfloppy - ok
21:40:41.0067 6108 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:40:41.0076 6108 sisagp - ok
21:40:41.0093 6108 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:40:41.0102 6108 SiSRaid2 - ok
21:40:41.0123 6108 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:40:41.0133 6108 SiSRaid4 - ok
21:40:41.0163 6108 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:40:41.0241 6108 Smb - ok
21:40:41.0369 6108 SPBBCDrv (cdea9a0a0e547fef4c44ccae35a9b09c) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
21:40:41.0389 6108 SPBBCDrv - ok
21:40:41.0421 6108 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:40:41.0429 6108 spldr - ok
21:40:41.0510 6108 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
21:40:41.0525 6108 SRTSP - ok
21:40:41.0545 6108 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
21:40:41.0560 6108 SRTSPL - ok
21:40:41.0589 6108 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
21:40:41.0597 6108 SRTSPX - ok
21:40:41.0623 6108 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:40:41.0676 6108 srv - ok
21:40:41.0708 6108 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:40:41.0751 6108 srv2 - ok
21:40:41.0797 6108 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:40:41.0831 6108 srvnet - ok
21:40:41.0891 6108 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:40:41.0899 6108 swenum - ok
21:40:41.0930 6108 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:40:41.0938 6108 Symc8xx - ok
21:40:41.0967 6108 SYMDNS (51b57cda977170ac608d839dbfa1d3ee) C:\Windows\System32\Drivers\SYMDNS.SYS
21:40:41.0975 6108 SYMDNS - ok
21:40:42.0006 6108 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
21:40:42.0017 6108 SymEvent - ok
21:40:42.0046 6108 SYMFW (a131d8360b01044517aa44529e2137d6) C:\Windows\System32\Drivers\SYMFW.SYS
21:40:42.0057 6108 SYMFW - ok
21:40:42.0087 6108 SYMIDS (2b77868f02dae02103380b824431b798) C:\Windows\System32\Drivers\SYMIDS.SYS
21:40:42.0095 6108 SYMIDS - ok
21:40:42.0112 6108 SYMNDISV (7d3addfe63e5227bd2dbd5692bafb688) C:\Windows\System32\Drivers\SYMNDISV.SYS
21:40:42.0120 6108 SYMNDISV - ok
21:40:42.0150 6108 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
21:40:42.0158 6108 SYMREDRV - ok
21:40:42.0175 6108 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
21:40:42.0187 6108 SYMTDI - ok
21:40:42.0206 6108 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:40:42.0215 6108 Sym_hi - ok
21:40:42.0233 6108 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:40:42.0242 6108 Sym_u3 - ok
21:40:42.0305 6108 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:40:42.0350 6108 Tcpip - ok
21:40:42.0391 6108 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:40:42.0416 6108 Tcpip6 - ok
21:40:42.0461 6108 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:40:42.0490 6108 tcpipreg - ok
21:40:42.0538 6108 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:40:42.0580 6108 TDPIPE - ok
21:40:42.0605 6108 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:40:42.0642 6108 TDTCP - ok
21:40:42.0692 6108 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:40:42.0734 6108 tdx - ok
21:40:42.0777 6108 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:40:42.0786 6108 TermDD - ok
21:40:42.0828 6108 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:40:42.0851 6108 tssecsrv - ok
21:40:42.0906 6108 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:40:42.0959 6108 tunmp - ok
21:40:43.0019 6108 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:40:43.0049 6108 tunnel - ok
21:40:43.0112 6108 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:40:43.0122 6108 uagp35 - ok
21:40:43.0187 6108 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:40:43.0208 6108 udfs - ok
21:40:43.0262 6108 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
21:40:43.0271 6108 uliagpkx - ok
21:40:43.0310 6108 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:40:43.0322 6108 uliahci - ok
21:40:43.0352 6108 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:40:43.0363 6108 UlSata - ok
21:40:43.0387 6108 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:40:43.0397 6108 ulsata2 - ok
21:40:43.0444 6108 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:40:43.0492 6108 umbus - ok
21:40:43.0577 6108 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:40:43.0620 6108 usbaudio - ok
21:40:43.0650 6108 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:40:43.0694 6108 usbccgp - ok
21:40:43.0736 6108 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
21:40:43.0759 6108 usbcir - ok
21:40:43.0807 6108 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:40:43.0844 6108 usbehci - ok
21:40:43.0893 6108 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:40:43.0935 6108 usbhub - ok
21:40:43.0970 6108 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:40:44.0028 6108 usbohci - ok
21:40:44.0081 6108 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:40:44.0103 6108 usbprint - ok
21:40:44.0165 6108 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:40:44.0183 6108 usbscan - ok
21:40:44.0216 6108 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:40:44.0254 6108 USBSTOR - ok
21:40:44.0297 6108 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:40:44.0337 6108 usbuhci - ok
21:40:44.0390 6108 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:40:44.0435 6108 vga - ok
21:40:44.0480 6108 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:40:44.0502 6108 VgaSave - ok
21:40:44.0540 6108 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
21:40:44.0550 6108 viaagp - ok
21:40:44.0577 6108 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:40:44.0632 6108 ViaC7 - ok
21:40:44.0660 6108 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
21:40:44.0668 6108 viaide - ok
21:40:44.0738 6108 vmci (a131387e5bfdfc27debda8428ea14173) C:\Windows\system32\Drivers\vmci.sys
21:40:44.0747 6108 vmci - ok
21:40:44.0781 6108 vmkbd (9450172735eca807d3ae92bbc04dcb5c) C:\Windows\system32\drivers\VMkbd.sys
21:40:44.0789 6108 vmkbd - ok
21:40:44.0826 6108 VMnetAdapter (898706a05d20b706848a440961c52436) C:\Windows\system32\DRIVERS\vmnetadapter.sys
21:40:44.0834 6108 VMnetAdapter - ok
21:40:44.0851 6108 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\Windows\system32\DRIVERS\vmnetbridge.sys
21:40:44.0860 6108 VMnetBridge - ok
21:40:44.0894 6108 VMnetuserif (7cccbc8a9be8766a32a8d26f52f9f31c) C:\Windows\system32\drivers\vmnetuserif.sys
21:40:44.0902 6108 VMnetuserif - ok
21:40:44.0949 6108 vmusb (25017db6451b002158db425961a82b7b) C:\Windows\system32\Drivers\vmusb.sys
21:40:44.0957 6108 vmusb - ok
21:40:45.0031 6108 vmx86 (3e039755695e7a80fd0f40685ad0f73b) C:\Windows\system32\Drivers\vmx86.sys
21:40:45.0066 6108 vmx86 - ok
21:40:45.0112 6108 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:40:45.0120 6108 volmgr - ok
21:40:45.0157 6108 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:40:45.0171 6108 volmgrx - ok
21:40:45.0201 6108 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:40:45.0213 6108 volsnap - ok
21:40:45.0243 6108 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:40:45.0253 6108 vsmraid - ok
21:40:45.0324 6108 vstor2-ws60 (70652ddbb219083acda28ca0cb0d6663) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
21:40:45.0332 6108 vstor2-ws60 - ok
21:40:45.0368 6108 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:40:45.0423 6108 WacomPen - ok
21:40:45.0465 6108 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:40:45.0505 6108 Wanarp - ok
21:40:45.0507 6108 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:40:45.0525 6108 Wanarpv6 - ok
21:40:45.0556 6108 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:40:45.0565 6108 Wd - ok
21:40:45.0625 6108 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:40:45.0645 6108 Wdf01000 - ok
21:40:45.0701 6108 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
21:40:45.0740 6108 WmiAcpi - ok
21:40:45.0787 6108 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:40:45.0811 6108 ws2ifsl - ok
21:40:45.0850 6108 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:40:45.0912 6108 WUDFRd - ok
21:40:45.0953 6108 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
21:40:46.0273 6108 \Device\Harddisk0\DR0 - ok
21:40:46.0274 6108 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
21:40:46.0342 6108 \Device\Harddisk1\DR1 - ok
21:40:46.0343 6108 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
21:40:46.0846 6108 \Device\Harddisk2\DR2 - ok
21:40:46.0846 6108 Boot (0x1200) (42c7dcc75e4c0af6b9a390f616a4edd2) \Device\Harddisk0\DR0\Partition0
21:40:46.0847 6108 \Device\Harddisk0\DR0\Partition0 - ok
21:40:46.0848 6108 Boot (0x1200) (a15d50532b97af183d0b51272bebf9c5) \Device\Harddisk0\DR0\Partition1
21:40:46.0849 6108 \Device\Harddisk0\DR0\Partition1 - ok
21:40:46.0850 6108 Boot (0x1200) (160f47f4d3004a4d86d9dfd80b20f147) \Device\Harddisk1\DR1\Partition0
21:40:46.0851 6108 \Device\Harddisk1\DR1\Partition0 - ok
21:40:46.0852 6108 Boot (0x1200) (ced0df781c18df549d8ccddcb9db49a1) \Device\Harddisk2\DR2\Partition0
21:40:46.0854 6108 \Device\Harddisk2\DR2\Partition0 - ok
21:40:46.0854 6108 ============================================================
21:40:46.0854 6108 Scan finished
21:40:46.0854 6108 ============================================================
21:40:46.0856 3632 Detected object count: 1
21:40:46.0856 3632 Actual detected object count: 1
21:41:14.0319 3632 RivaTuner32 ( UnsignedFile.Multi.Generic ) - skipped by user
21:41:14.0319 3632 RivaTuner32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
13.02.2012, 23:06
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Computer wurde gesperrt (Win Vista) Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.02.2012, 20:35
| #15 |
| | Achtung! Ihr Computer wurde gesperrt (Win Vista) Danke nochmal, dass ein Kompetenzler sich so lange um meine persönlichen PC Probleme kümmert!! [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-02-13.01 - Besitzer 14.02.2012 19:55:39.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3326.1973 [GMT 1:00]
ausgeführt von:: c:\users\Besitzer\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\VirusResponse Lab 2009 2.1
c:\programdata\Microsoft\Windows\Start Menu\Programs\VirusResponse Lab 2009 2.1\VirusResponse Lab 2009 2.1.lnk
c:\programdata\xml5ACF.tmp
c:\programdata\xmlC564.tmp
c:\programdata\xmlC67E.tmp
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\IsUn0407.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
E:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-14 bis 2012-02-14 ))))))))))))))))))))))))))))))
.
.
2012-02-14 19:11 . 2012-02-14 19:12 -------- d-----w- c:\users\Besitzer\AppData\Local\temp
2012-02-14 19:11 . 2012-02-14 19:11 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-02-14 19:11 . 2012-02-14 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 19:11 . 2012-02-14 19:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-14 11:03 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F426421-57C5-455B-A95A-A9361EEF3919}\mpengine.dll
2012-02-09 18:48 . 2012-02-09 18:48 -------- d-----w- C:\_OTL
2012-02-06 20:33 . 2012-02-06 20:33 -------- d-----w- c:\program files\ESET
2012-02-04 13:49 . 2012-02-04 13:49 -------- d-----w- c:\users\Besitzer\AppData\Roaming\Malwarebytes
2012-02-04 13:49 . 2012-02-04 13:49 -------- d-----w- c:\programdata\Malwarebytes
2012-02-04 13:49 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-04 13:49 . 2012-02-04 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-31 09:55 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 09:55 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 09:55 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-31 09:55 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 09:55 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 09:55 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-10-02 23:28 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 15:59 . 2012-01-12 14:47 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-14 20:26 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-12 14:47 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-12 14:47 66560 ----a-w- c:\windows\system32\packager.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-08 68856]
"Steam"="c:\program files\Steam\Steam.exe" [2011-11-11 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-03-09 54680]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-09 161336]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-16 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\program files\FRITZ!DSL\StCenter.exe [2008-10-18 651264]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-8 394856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-03-01 10:59 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 14:33 563984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 14:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-03-16 17:30 25268264 ----a-w- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-11 19:51 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-02-08 17:49 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 15:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2008-10-28 22:00 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-08 21:19]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 03:08]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 03:08]
.
2012-02-05 c:\windows\Tasks\HPCeeScheduleForBesitzer.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-11-06 15:55]
.
2012-01-23 c:\windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Besitzer.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-13 18:09]
.
2012-02-11 c:\windows\Tasks\Norton Security Scan for Besitzer.job
- c:\progra~1\NORTON~3\Engine\351~1.8\Nss.exe [2011-12-09 23:02]
.
2012-02-14 c:\windows\Tasks\User_Feed_Synchronization-{79E110A4-E473-4187-AE82-7C74B6077D8B}.job
- c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uSearchMigratedDefaultURL =
uDefault_Search_URL =
mStart Page =
mSearchMigratedDefaultURL =
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchURL = hxxp://www.Google.com/
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe
AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe
AddRemove-{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1 - c:\program files\Uniblue\RegistryBooster 2010\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-14 20:11
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{D5068648-4046B656-06000000}_0]
"ImagePath"="\??\c:\pcdr5\pcdsrvc.pkms"
.
Zeit der Fertigstellung: 2012-02-14 20:21:09
ComboFix-quarantined-files.txt 2012-02-14 19:21
.
Vor Suchlauf: 11 Verzeichnis(se), 53.755.846.656 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 54.121.807.872 Bytes frei
.
- - End Of File - - 0C443AB08E600A4494D7F913AEA16415
|
|
| Themen zu Achtung! Ihr Computer wurde gesperrt (Win Vista) |
| 32 bit, achtung!, besitzer, browser, computer, computer gesperrt 100€, dateien, desktop, entfernen, explorer, gelöscht, gesperrt, helper, ihr computer wurde gesperrt, infizierte, internet, internet explorer, m.exe, microsoft, microsoft security, neu, search.hijacker, searchscopes, security, security center alert, software, spyware, system, system32, temp, trojan.vupx.on1, trojan.zlob, trojaner-board, virusresponse lab 2009, vista, vista 32, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
