Log analysis and evaluation: Windows locked - pay... (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
02.03.2012, 17:33 | #1 |
| Windows locked - pay... Hello, I have read the other posts on this topic. It would be great if someone could help me. Attached are the .txt files of the logs. Many thanks in advance. |
02.03.2012, 20:10 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows locked - pay... Quote:
Please now routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything in CODE tags here if possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ |
02.03.2012, 22:53 | #3 |
| Windows locked - pay... Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oliver Gräßer :: ROOKIE [Administrator]

Schutz: Deaktiviert

02.03.2012 20:19:44
mbam-log-2012-03-02 (20-24-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197902
Laufzeit: 4 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{40E72E3E-7529-11DD-B7F6-806E6F6E6963} (Backdoor.Messa) -> Daten: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Oliver Gräßer\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.47462910465231734.exe (Exploit.Drop.2) -> Keine Aktion durchgeführt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.796138540254269.exe (Exploit.Drop.2) -> Keine Aktion durchgeführt.
C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Messa) -> Keine Aktion durchgeführt.

(Ende)

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f19d73bf4dd0dd4a821ec217323b533f
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-02 07:51:02
# local_time=2012-03-02 08:51:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 5398938 5398938 0 0
# compatibility_mode=5892 16776574 100 100 23658 168249871 0 0
# compatibility_mode=8192 67108863 100 0 4131 4131 0 0
# scanned=22267
# found=0
# cleaned=0
# scan_time=719
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f19d73bf4dd0dd4a821ec217323b533f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-02 09:44:34
# local_time=2012-03-02 10:44:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 5399697 5399697 0 0
# compatibility_mode=5892 16776574 100 100 24417 168250630 0 0
# compatibility_mode=8192 67108863 100 0 4890 4890 0 0
# scanned=231862
# found=1
# cleaned=0
# scan_time=6772
C:\Program Files\pdfforge Toolbar\SearchSettings.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I |
05.03.2012, 11:25 | #4 |
| Windows locked - pay... Can anyone still help me? |
05.03.2012, 14:15 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows locked - pay... Yes. You could actually do what was posted in the instructions. Quote:
Remember to update the Malwarebytes signatures beforehand, there are new updates very frequently! And post all Malwarebytes logs that are visible in the Logs tab
__________________ Please always post log files in CODE tags |
05.03.2012, 23:20 | #6 |
| Windows locked - pay... My mistake, thanks for the info... attached are all the logs: Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.05.08

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oliver Gräßer :: ROOKIE [Administrator]

Schutz: Deaktiviert

05.03.2012 22:12:19
mbam-log-2012-03-05 (22-12-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 394777
Laufzeit: 1 Stunde(n), 1 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Oliver Gräßer :: ROOKIE [Administrator]

Schutz: Deaktiviert

02.03.2012 20:19:44
mbam-log-2012-03-02 (20-19-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197902
Laufzeit: 4 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{40E72E3E-7529-11DD-B7F6-806E6F6E6963} (Backdoor.Messa) -> Daten: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Oliver Gräßer\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.47462910465231734.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Oliver Gräßer\AppData\Local\Temp\0.796138540254269.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Messa) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
2012/03/05 20:47:22 +0100 ROOKIE (null) MESSAGE Executing scheduled update: Daily
2012/03/05 20:47:24 +0100 ROOKIE (null) ERROR Scheduled update failed: No address found failed with error code 11004 |
06.03.2012, 12:46 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows locked - pay... Does normal mode work again now or not?
__________________ Please always post log files in CODE tags |
06.03.2012, 13:54 | #8 |
| Windows locked - pay... It seems to be working again. Do I need to take any further steps? |
06.03.2012, 14:10 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows locked - pay... Please create a new OTL log. Please post everything in CODE tags here if possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
06.03.2012, 16:17 | #10 |
| Windows locked - pay... Code:
ATTFilter OTL logfile created on: 06.03.2012 15:33:05 - Run 2 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Oliver Gräßer\Desktop\Trojaner Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,17% Memory free 6,20 Gb Paging File | 4,93 Gb Available in Paging File | 79,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,00 Gb Total Space | 16,68 Gb Free Space | 21,94% Space Free | Partition Type: NTFS Drive D: | 148,09 Gb Total Space | 147,99 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Computer Name: ROOKIE | User Name: Oliver Gräßer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Oliver Gräßer\Desktop\Trojaner\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Lexware GmbH & Co. 
KG) PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe (Fujitsu Technology Solutions) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\C&E\OSD\osd.exe (C&E) PRC - C:\Program Files\Lexmark 4800 Series\lxdemon.exe () PRC - C:\Program Files\Lexmark 4800 Series\lxdeamon.exe () PRC - C:\Windows\System32\lxdecoms.exe ( ) PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxdeserv.exe (Lexmark International, Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) 
PRC - C:\Program Files\Belkin\F1U201.401\usbshare.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Windows\System32\msjetoledb40.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll () MOD - C:\Program Files\ArcSoft\TotalMedia 
3.5\VendorCmdRW.dll () MOD - C:\Program Files\Lexmark 4800 Series\lxdemon.exe () MOD - C:\Program Files\Lexmark 4800 Series\app4r.monitor.core.dll () MOD - C:\Program Files\Lexmark 4800 Series\app4r.monitor.common.dll () MOD - C:\Program Files\Lexmark 4800 Series\app4r.devmons.mcmdevmon.dll () MOD - C:\Program Files\Lexmark 4800 Series\app4r.devmons.mcmdevmon.autoplayutil.dll () MOD - C:\Program Files\Lexmark 4800 Series\lxdeamon.exe () MOD - C:\Program Files\Lexmark 4800 Series\lxdescw.dll () MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxdedatr.dll () MOD - C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll () MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxdecats.dll () MOD - C:\Program Files\Motorola\SMSERIAL\sm56ita.dll () MOD - C:\Program Files\Motorola\SMSERIAL\sm56esp.dll () MOD - C:\Program Files\Motorola\SMSERIAL\sm56brz.dll () MOD - C:\Program Files\Motorola\SMSERIAL\sm56kor.dll () MOD - C:\Program Files\Motorola\SMSERIAL\sm56ger.dll () MOD - C:\Program Files\Motorola\SMSERIAL\sm56fra.dll () MOD - C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll () MOD - C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll () MOD - C:\Program Files\Motorola\SMSERIAL\sm56cht.dll () MOD - C:\Program Files\Motorola\SMSERIAL\sm56chs.dll () MOD - C:\Program Files\Belkin\F1U201.401\usbshare.exe () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Lexware_Datenbank_Plus) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) 
SRV - (TestHandler) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe (Fujitsu Technology Solutions) SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (OsdService) -- C:\Program Files\C&E\OSD\OsdService\OsdService.exe () SRV - (lxde_device) -- C:\Windows\System32\lxdecoms.exe ( ) SRV - (lxdeCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RTL2832U_IRHID) -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys (Realtek) DRV - (RTL2832UUSB) -- C:\Windows\System32\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.) DRV - (RTL2832UBDA) -- C:\Windows\System32\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.) DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) 
DRV - (CEBFilter) -- C:\Program Files\C&E\OSD\OsdService\cebuffer.sys (Windows (R) Codename Longhorn DDK provider) DRV - (CEIO) -- C:\Program Files\C&E\OSD\OsdService\ceio.sys (Windows (R) Codename Longhorn DDK provider) DRV - (cKBFilter) -- C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.) DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - 
HKU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found IE - HKU\..\SearchScopes,DefaultScope = IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE IE - HKU\..\SearchScopes\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKU\..\SearchScopes\{402A7386-7397-48A4-AB48-B491835C9908}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE356 IE - HKU\..\SearchScopes\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\..\SearchScopes\{A1804725-6852-46FC-B62D-1F28FF49F4ED}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - 
HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Oliver Gräßer\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found. O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. 
KG) O4 - HKLM..\Run: [lxdeamon] C:\Program Files\Lexmark 4800 Series\lxdeamon.exe () O4 - HKLM..\Run: [lxdemon.exe] C:\Program Files\Lexmark 4800 Series\lxdemon.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe (C&E) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O7 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Free YouTube Download - C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Oliver Gräßer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O16 - DPF: 
{7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{644959B3-FC4D-4DCB-AC67-42F5087751D1}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF0F9B18-BF57-4021-B073-C27A35EFC145}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Oliver Gräßer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - 
========== Alternate Data Streams ==========
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report > |
06.03.2012, 19:48 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows locked - pay... Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter
:OTL
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\..\SearchScopes\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\..\SearchScopes\{402A7386-7397-48A4-AB48-B491835C9908}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE356
IE - HKU\..\SearchScopes\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{A1804725-6852-46FC-B62D-1F28FF49F4ED}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O7 - HKU\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
C:\Program Files\pdfforge Toolbar
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Logfiles bitte immer in CODE-Tags posten |
06.03.2012, 20:17 | #12 |
| Windows locked - pay... Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E2576B3-CBBE-454F-BB1F-B3BD6BF69DC7}\ not found. Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ not found. Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{402A7386-7397-48A4-AB48-B491835C9908}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{402A7386-7397-48A4-AB48-B491835C9908}\ not found. Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72A01BE8-36E6-4E3E-A212-EEAA937D7AC3}\ not found. Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{A1804725-6852-46FC-B62D-1F28FF49F4ED}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1804725-6852-46FC-B62D-1F28FF49F4ED}\ not found. 
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully. C:\Program Files\Lexmark Toolbar\toolband.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully. C:\Program Files\WEB.DE Toolbar\IE\uitb.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found. File C:\Program Files\Lexmark Toolbar\toolband.dll not found. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ deleted successfully. File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found. Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found. File C:\Program Files\Lexmark Toolbar\toolband.dll not found. Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found. File C:\Program Files\Lexmark Toolbar\toolband.dll not found. Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found. File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found. Registry value HKEY_USERS\S-1-5-21-3359374848-750208709-1910855389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\add to &BOM\ deleted successfully. 
File move failed. C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta scheduled to be moved on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully. ========== FILES ========== C:\Program Files\pdfforge Toolbar\Res folder moved successfully. C:\Program Files\pdfforge Toolbar folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Oliver Gräßer ->Temp folder emptied: 300770193 bytes ->Temporary Internet Files folder emptied: 1107652437 bytes ->Java cache emptied: 39147454 bytes ->Flash cache emptied: 95213 bytes User: Public User: Steuer ->Temp folder emptied: 2156909 bytes ->Temporary Internet Files folder emptied: 135238340 bytes ->Java cache emptied: 24268233 bytes ->Flash cache emptied: 24447 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 79431643 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11026356 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 19689711 bytes RecycleBin emptied: 5258760 bytes Total Files Cleaned = 1.645,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.34.0 log created on 03062012_195553 Files\Folders moved on Reboot... File\Folder C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta not found! 
File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VYDCNNB3\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=1;ord=5892113329[1] not found! File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VYDCNNB3\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=5;ord=5892113329[1] not found! File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4U0BLN4Q\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=3;ord=5892113329[1] not found! File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2GB73HT2\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=2;ord=5892113329[1] not found! File\Folder C:\Users\Oliver Gräßer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2GB73HT2\n=Europa;w_lan=DE;w_reg=BW;w_ort=Cleebronn;w_plz=74389;w_tmi=9;w_tma=15;w_pic=1;w_wx=2;xx=pl;xx=wp;xx=pb;xx=pr;wefo=pu1;wefo=fb2;wefo=rt1;wefo=sc1;tile=4;ord=5892113329[1] not found! File move failed. C:\Windows\temp\asat0000.tmp scheduled to be moved on reboot. Registry entries deleted on Reboot... |
06.03.2012, 20:21 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows locked - pay... Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!

If the infection prevents you from accessing your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Please download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
06.03.2012, 20:53 | #14 |
| Windows locked - pay... Code:
ATTFilter 20:48:07.0727 4908 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39 20:48:07.0976 4908 ============================================================ 20:48:07.0976 4908 Current date / time: 2012/03/06 20:48:07.0976 20:48:07.0976 4908 SystemInfo: 20:48:07.0976 4908 20:48:07.0976 4908 OS Version: 6.0.6002 ServicePack: 2.0 20:48:07.0976 4908 Product type: Workstation 20:48:07.0976 4908 ComputerName: ROOKIE 20:48:07.0976 4908 UserName: Oliver Gräßer 20:48:07.0976 4908 Windows directory: C:\Windows 20:48:07.0976 4908 System windows directory: C:\Windows 20:48:07.0976 4908 Processor architecture: Intel x86 20:48:07.0976 4908 Number of processors: 2 20:48:07.0976 4908 Page size: 0x1000 20:48:07.0976 4908 Boot type: Normal boot 20:48:07.0976 4908 ============================================================ 20:48:08.0866 4908 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:48:08.0881 4908 \Device\Harddisk0\DR0: 20:48:08.0881 4908 MBR used 20:48:08.0881 4908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0x9800800 20:48:08.0881 4908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA995000, BlocksNum 0x12830170 20:48:08.0990 4908 Initialize success 20:48:08.0990 4908 ============================================================ 20:50:29.0406 4212 ============================================================ 20:50:29.0406 4212 Scan started 20:50:29.0406 4212 Mode: Manual; SigCheck; TDLFS; 20:50:29.0406 4212 ============================================================ 20:50:29.0936 4212 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 20:50:30.0155 4212 ACPI - ok 20:50:30.0217 4212 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 20:50:30.0248 4212 adp94xx - ok 20:50:30.0295 4212 adpahci (60505e0041f7751bdbb80f88bf45c2ce) 
C:\Windows\system32\drivers\adpahci.sys 20:50:30.0326 4212 adpahci - ok 20:50:30.0358 4212 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 20:50:30.0373 4212 adpu160m - ok 20:50:30.0404 4212 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 20:50:30.0436 4212 adpu320 - ok 20:50:30.0498 4212 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys 20:50:30.0545 4212 Afc - ok 20:50:30.0607 4212 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 20:50:30.0685 4212 AFD - ok 20:50:30.0748 4212 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 20:50:30.0763 4212 agp440 - ok 20:50:30.0826 4212 ahcix86s (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys 20:50:30.0841 4212 ahcix86s - ok 20:50:30.0872 4212 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 20:50:30.0904 4212 aic78xx - ok 20:50:30.0935 4212 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 20:50:30.0950 4212 aliide - ok 20:50:30.0982 4212 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 20:50:30.0997 4212 amdagp - ok 20:50:31.0028 4212 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 20:50:31.0044 4212 amdide - ok 20:50:31.0075 4212 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 20:50:31.0216 4212 AmdK7 - ok 20:50:31.0247 4212 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 20:50:31.0309 4212 AmdK8 - ok 20:50:31.0403 4212 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 20:50:31.0418 4212 arc - ok 20:50:31.0465 4212 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 20:50:31.0481 4212 arcsas - ok 20:50:31.0512 4212 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 
20:50:31.0590 4212 AsyncMac - ok 20:50:31.0621 4212 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 20:50:31.0652 4212 atapi - ok 20:50:31.0715 4212 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys 20:50:31.0730 4212 avgntflt - ok 20:50:31.0762 4212 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys 20:50:31.0777 4212 avipbb - ok 20:50:31.0808 4212 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys 20:50:31.0824 4212 avkmgr - ok 20:50:31.0855 4212 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 20:50:31.0918 4212 Beep - ok 20:50:31.0964 4212 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 20:50:32.0027 4212 blbdrive - ok 20:50:32.0074 4212 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 20:50:32.0136 4212 bowser - ok 20:50:32.0183 4212 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 20:50:32.0292 4212 BrFiltLo - ok 20:50:32.0323 4212 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 20:50:32.0386 4212 BrFiltUp - ok 20:50:32.0432 4212 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 20:50:32.0651 4212 Brserid - ok 20:50:32.0682 4212 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 20:50:32.0776 4212 BrSerWdm - ok 20:50:32.0791 4212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 20:50:32.0885 4212 BrUsbMdm - ok 20:50:32.0900 4212 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 20:50:32.0994 4212 BrUsbSer - ok 20:50:33.0056 4212 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 20:50:33.0103 4212 BthEnum - ok 20:50:33.0150 4212 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) 
C:\Windows\system32\DRIVERS\bthmodem.sys 20:50:33.0212 4212 BTHMODEM - ok 20:50:33.0259 4212 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 20:50:33.0337 4212 BthPan - ok 20:50:33.0400 4212 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 20:50:33.0509 4212 BTHPORT - ok 20:50:33.0556 4212 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 20:50:33.0602 4212 BTHUSB - ok 20:50:33.0680 4212 Cam5603D (166eba385178229475b6aeb950e0a082) C:\Windows\system32\Drivers\BisonCam.sys 20:50:33.0805 4212 Cam5603D - ok 20:50:33.0868 4212 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 20:50:33.0930 4212 cdfs - ok 20:50:33.0992 4212 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 20:50:34.0039 4212 cdrom - ok 20:50:34.0117 4212 CEBFilter (039f27ea2344c541cb6a0ef288bc8996) C:\Program Files\C&E\OSD\OsdService\cebuffer.sys 20:50:34.0133 4212 CEBFilter ( UnsignedFile.Multi.Generic ) - warning 20:50:34.0133 4212 CEBFilter - detected UnsignedFile.Multi.Generic (1) 20:50:34.0148 4212 CEIO (147019abeb922507f2fa107032c480ce) C:\Program Files\C&E\OSD\OsdService\ceio.sys 20:50:34.0148 4212 CEIO ( UnsignedFile.Multi.Generic ) - warning 20:50:34.0148 4212 CEIO - detected UnsignedFile.Multi.Generic (1) 20:50:34.0195 4212 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 20:50:34.0258 4212 circlass - ok 20:50:34.0273 4212 cKBFilter (cb11e608025aa6e601ff0c097e6009bd) C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys 20:50:34.0289 4212 cKBFilter ( UnsignedFile.Multi.Generic ) - warning 20:50:34.0289 4212 cKBFilter - detected UnsignedFile.Multi.Generic (1) 20:50:34.0351 4212 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 20:50:34.0382 4212 CLFS - ok 20:50:34.0460 4212 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 20:50:34.0507 4212 CmBatt - ok 
20:50:34.0538 4212 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 20:50:34.0554 4212 cmdide - ok 20:50:34.0585 4212 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 20:50:34.0601 4212 Compbatt - ok 20:50:34.0616 4212 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 20:50:34.0648 4212 crcdisk - ok 20:50:34.0663 4212 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 20:50:34.0726 4212 Crusoe - ok 20:50:34.0804 4212 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 20:50:34.0866 4212 DfsC - ok 20:50:34.0975 4212 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 20:50:34.0991 4212 disk - ok 20:50:35.0069 4212 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 20:50:35.0131 4212 drmkaud - ok 20:50:35.0225 4212 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 20:50:35.0350 4212 DXGKrnl - ok 20:50:35.0428 4212 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 20:50:35.0490 4212 E1G60 - ok 20:50:35.0552 4212 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 20:50:35.0584 4212 Ecache - ok 20:50:35.0630 4212 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 20:50:35.0662 4212 elxstor - ok 20:50:35.0708 4212 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 20:50:35.0771 4212 ErrDev - ok 20:50:35.0849 4212 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 20:50:35.0927 4212 exfat - ok 20:50:35.0974 4212 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 20:50:36.0020 4212 fastfat - ok 20:50:36.0067 4212 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 20:50:36.0130 4212 fdc - ok 20:50:36.0176 4212 FileInfo 
(a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 20:50:36.0192 4212 FileInfo - ok 20:50:36.0223 4212 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 20:50:36.0286 4212 Filetrace - ok 20:50:36.0317 4212 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 20:50:36.0379 4212 flpydisk - ok 20:50:36.0473 4212 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 20:50:36.0504 4212 FltMgr - ok 20:50:36.0582 4212 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 20:50:36.0660 4212 Fs_Rec - ok 20:50:36.0691 4212 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 20:50:36.0707 4212 gagp30kx - ok 20:50:36.0847 4212 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 20:50:36.0956 4212 HdAudAddService - ok 20:50:37.0019 4212 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 20:50:37.0112 4212 HDAudBus - ok 20:50:37.0144 4212 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 20:50:37.0237 4212 HidBth - ok 20:50:37.0284 4212 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 20:50:37.0346 4212 HidIr - ok 20:50:37.0409 4212 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 20:50:37.0456 4212 HidUsb - ok 20:50:37.0518 4212 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 20:50:37.0534 4212 HpCISSs - ok 20:50:37.0580 4212 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 20:50:37.0690 4212 HTTP - ok 20:50:37.0736 4212 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 20:50:37.0752 4212 i2omp - ok 20:50:37.0799 4212 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 20:50:37.0861 4212 i8042prt - ok 20:50:37.0908 
4212 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys 20:50:37.0939 4212 iaStor - ok 20:50:37.0970 4212 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 20:50:38.0002 4212 iaStorV - ok 20:50:38.0048 4212 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 20:50:38.0064 4212 iirsp - ok 20:50:38.0189 4212 IntcAzAudAddService (5d854cbac8b7b4b964406f9808c95fae) C:\Windows\system32\drivers\RTKVHDA.sys 20:50:38.0329 4212 IntcAzAudAddService - ok 20:50:38.0392 4212 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 20:50:38.0454 4212 intelide - ok 20:50:38.0532 4212 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 20:50:38.0594 4212 intelppm - ok 20:50:38.0641 4212 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:50:38.0704 4212 IpFilterDriver - ok 20:50:38.0719 4212 IpInIp - ok 20:50:38.0766 4212 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 20:50:38.0844 4212 IPMIDRV - ok 20:50:38.0875 4212 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 20:50:38.0938 4212 IPNAT - ok 20:50:38.0969 4212 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 20:50:39.0016 4212 IRENUM - ok 20:50:39.0047 4212 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 20:50:39.0078 4212 isapnp - ok 20:50:39.0125 4212 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 20:50:39.0156 4212 iScsiPrt - ok 20:50:39.0187 4212 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 20:50:39.0203 4212 iteatapi - ok 20:50:39.0265 4212 itecir (e4b04a0d8b237ecf026d849439f1bcce) C:\Windows\system32\DRIVERS\itecir.sys 20:50:39.0296 4212 itecir - ok 20:50:39.0312 4212 iteraid (06fa654504a498c30adca8bec4e87e7e) 
C:\Windows\system32\drivers\iteraid.sys 20:50:39.0328 4212 iteraid - ok 20:50:39.0374 4212 JRAID (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys 20:50:39.0421 4212 JRAID - ok 20:50:39.0452 4212 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 20:50:39.0484 4212 kbdclass - ok 20:50:39.0530 4212 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 20:50:39.0593 4212 kbdhid - ok 20:50:39.0655 4212 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 20:50:39.0718 4212 KSecDD - ok 20:50:39.0796 4212 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 20:50:39.0920 4212 lltdio - ok 20:50:40.0061 4212 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 20:50:40.0076 4212 LSI_FC - ok 20:50:40.0108 4212 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 20:50:40.0139 4212 LSI_SAS - ok 20:50:40.0170 4212 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 20:50:40.0201 4212 LSI_SCSI - ok 20:50:40.0232 4212 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 20:50:40.0295 4212 luafv - ok 20:50:40.0388 4212 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 20:50:40.0404 4212 MBAMProtector - ok 20:50:40.0451 4212 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 20:50:40.0466 4212 megasas - ok 20:50:40.0529 4212 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 20:50:40.0607 4212 MegaSR - ok 20:50:40.0669 4212 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 20:50:40.0732 4212 Modem - ok 20:50:40.0888 4212 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 20:50:40.0934 4212 monitor - ok 20:50:41.0075 4212 mouclass (5bf6a1326a335c5298477754a506d263) 
20:50:55.0349 4212 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:50:55.0567 4212 \Device\Harddisk0\DR0 - ok
20:50:55.0567 4212 Boot (0x1200) (579a7a032e337a3761f23e619d0a8322) \Device\Harddisk0\DR0\Partition0
20:50:55.0583 4212 \Device\Harddisk0\DR0\Partition0 - ok
20:50:55.0614 4212 Boot (0x1200) (e36eb5ffc005f3a5f9a19d4e34b70750) \Device\Harddisk0\DR0\Partition1
20:50:55.0614 4212 \Device\Harddisk0\DR0\Partition1 - ok
20:50:55.0614 4212 ============================================================
20:50:55.0614 4212 Scan finished
20:50:55.0614 4212 ============================================================
20:50:55.0630 4356 Detected object count: 3
20:50:55.0630 4356 Actual detected object count: 3
20:52:06.0235 4356 CEBFilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:06.0235 4356 CEBFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:06.0235 4356 CEIO ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:06.0235 4356 CEIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:06.0235 4356 cKBFilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:06.0235 4356 cKBFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip |
06.03.2012, 21:22 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows locked - pay... Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |