Trojaner-Board (Malware removal > Pests of all kinds and how to fight them): Virus "Windows system blocked for security reasons" (original message: "aus Sicherheitsgründen Windowssystem blockiert") 50€


06.03.2012, 22:54   #1
sumo
 

Virus "Windows system blocked for security reasons" 50€



Hi,

While I was surfing the internet, a window suddenly popped up with the message above and I couldn't do anything anymore. I was supposed to pay 50€ so that it would work again.
Can anyone help me with this?

I've already run OTL.

otl.txt:

OTL logfile created on: 06.03.2012 22:07:53 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\sumo\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 79,93% Memory free
4,71 Gb Paging File | 4,45 Gb Available in Paging File | 94,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 90,19 Gb Free Space | 30,26% Space Free | Partition Type: NTFS

Computer Name: SUMO-PC | User Name: sumo | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.06 22:03:09 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\sumo\Downloads\OTL.exe
PRC - [2009.01.14 15:58:27 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Stopped] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.09.08 11:10:20 | 000,450,560 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.09.08 11:09:40 | 000,184,320 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.10.21 11:40:46 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.10.21 08:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 08:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 08:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 08:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 08:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 08:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 08:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.10.07 20:31:38 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\HomeCinema\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2008.09.29 14:59:00 | 007,593,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.05 12:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.25 03:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008.07.28 15:53:46 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.08 03:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.01.21 03:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=9Vg-UU4Eq04-6U1TzhNkEbBR53o?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 0
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.26 20:46:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.26 20:46:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videofinder@veoh.com: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\videofinder3 [2009.04.11 17:21:40 | 000,000,000 | ---D | M]

[2009.04.06 16:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sumo\AppData\Roaming\mozilla\Extensions
[2012.03.06 21:52:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sumo\AppData\Roaming\mozilla\Firefox\Profiles\b1fatw5b.default\extensions
[2009.07.01 18:14:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sumo\AppData\Roaming\mozilla\Firefox\Profiles\b1fatw5b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.06 16:35:40 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\sumo\AppData\Roaming\mozilla\Firefox\Profiles\b1fatw5b.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009.12.09 18:45:46 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\sumo\AppData\Roaming\mozilla\Firefox\Profiles\b1fatw5b.default\extensions\firefox@tvunetworks.com
[2012.03.06 21:52:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.04.06 16:18:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.04.06 16:18:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2010.01.27 20:27:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2008.11.11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010.03.14 21:54:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 21:54:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.14 21:54:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.14 21:54:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.14 21:54:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\sumo\Bitcomet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [{4CC79FE9-CD4A-1B02-7B71-6879EDED45BA}] C:\Users\sumo\AppData\Roaming\Uwiza\fyakpun.exe ()
O4 - HKCU..\Run: [BitComet] C:\Users\sumo\Bitcomet\BitComet.exe (www.BitComet.com)
O4 - HKCU..\Run: [Magntvol] C:\Users\sumo\AppData\Local\Temp\icsuress.dll ()
O4 - HKCU..\Run: [SkypeM] C:\Users\sumo\AppData\Local\Skype\Skype.exe (Unizeto Sp. z o.o.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\sumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Users\sumo\Bitcomet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Alle &Videos mit BitComet herunterladen - C:\Users\sumo\Bitcomet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Users\sumo\Bitcomet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Users\sumo\Bitcomet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC336C5-793C-4413-91D7-08C17FDC82EA}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B89040-6443-4225-B504-681C414A9CAB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6B51ED6-E3C0-418F-BF80-C815BF8FE56D}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{11195de6-22a6-11de-8859-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{11195de6-22a6-11de-8859-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012.03.01 16:47:26 | 000,000,000 | ---D | C] -- C:\Users\sumo\Desktop\Musiksammlung
[2012.02.29 21:31:43 | 000,000,000 | ---D | C] -- C:\Users\sumo\AppData\Roaming\Yfyl
[2012.02.29 21:31:43 | 000,000,000 | ---D | C] -- C:\Users\sumo\AppData\Roaming\Uwiza
[2012.02.29 16:17:43 | 000,000,000 | ---D | C] -- C:\Users\sumo\Desktop\Feuerwehr gefährliche Stoffe und Güter
[1 C:\Users\sumo\Desktop\*.tmp files -> C:\Users\sumo\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.06 22:04:02 | 000,008,944 | ---- | M] () -- C:\Users\sumo\AppData\Local\d3d9caps.dat
[2012.03.06 21:21:23 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.06 21:21:23 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.06 21:21:23 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.06 21:21:23 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.06 21:17:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.06 18:59:41 | 000,192,292 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.03.06 18:59:41 | 000,192,292 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.06 18:59:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.06 18:59:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 18:59:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 12:07:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.01 19:58:25 | 000,023,552 | ---- | M] () -- C:\Users\sumo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.22 21:13:17 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Users\sumo\Desktop\*.tmp files -> C:\Users\sumo\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========


========== LOP Check ==========

[2010.01.06 17:36:23 | 000,000,000 | ---D | M] -- C:\Users\sumo\AppData\Roaming\CD-LabelPrint
[2012.01.28 15:34:46 | 000,000,000 | ---D | M] -- C:\Users\sumo\AppData\Roaming\FileZilla
[2010.01.05 02:23:17 | 000,000,000 | ---D | M] -- C:\Users\sumo\AppData\Roaming\ImgBurn
[2012.02.29 21:31:43 | 000,000,000 | ---D | M] -- C:\Users\sumo\AppData\Roaming\Uwiza
[2009.04.07 12:11:34 | 000,000,000 | ---D | M] -- C:\Users\sumo\AppData\Roaming\Verimount
[2012.03.06 11:02:45 | 000,000,000 | ---D | M] -- C:\Users\sumo\AppData\Roaming\Yfyl
[2012.03.06 12:14:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009.04.06 13:41:57 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.02.05 22:33:55 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.11.23 17:30:20 | 000,000,000 | ---D | M] -- C:\CoH V2
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.04.06 13:37:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.04.06 16:36:18 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.02.06 11:45:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.28 13:31:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.26 18:48:21 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.04.06 13:37:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.10.02 13:14:47 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.03.06 11:31:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.01 20:14:59 | 000,000,000 | ---D | M] -- C:\UserData
[2009.04.06 13:41:23 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.02 01:13:55 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.05.10 04:22:58 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=961859CA0A8D18B4242EF222092D337D -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_31486222\AGP440.sys
[2008.05.10 04:22:58 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=961859CA0A8D18B4242EF222092D337D -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22176_none_ba56dc4ed801d4e5\AGP440.sys
[2008.05.10 04:14:24 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=EB0082AE6173905ADBDB2D19AEEA976A -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_7997c13a\AGP440.sys
[2008.05.10 04:14:24 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=EB0082AE6173905ADBDB2D19AEEA976A -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20832_none_b897de16dabe6bfb\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.01.14 15:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2009.01.14 15:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.01.14 15:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.01.14 15:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2009.01.14 15:58:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.01.14 15:58:27 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2009.01.14 15:58:27 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.01.14 15:58:27 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.01.14 15:58:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\drivers\nvstor32.sys
[2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_de3b0723\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2010.01.27 20:07:48 | 028,253,422 | ---- | M] (AppWork UG (haftungsbeschränkt)) -- C:\Users\sumo\JDownloader095Setup.exe
[2012.03.06 22:10:10 | 002,883,584 | -HS- | M] () -- C:\Users\sumo\NTUSER.DAT
[2012.03.06 22:10:10 | 000,262,144 | -H-- | M] () -- C:\Users\sumo\ntuser.dat.LOG1
[2009.04.06 13:41:31 | 000,000,000 | -H-- | M] () -- C:\Users\sumo\ntuser.dat.LOG2
[2012.03.06 12:15:23 | 000,065,536 | -HS- | M] () -- C:\Users\sumo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.03.06 12:15:23 | 000,524,288 | -HS- | M] () -- C:\Users\sumo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.04.08 02:08:12 | 000,524,288 | -HS- | M] () -- C:\Users\sumo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.04.06 13:41:33 | 000,000,020 | -HS- | M] () -- C:\Users\sumo\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:4668108EEB6FB53A

< End of report >



extras.txt:


OTL Extras logfile created on: 06.03.2012 22:07:53 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\sumo\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 79,93% Memory free
4,71 Gb Paging File | 4,45 Gb Available in Paging File | 94,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 90,19 Gb Free Space | 30,26% Space Free | Partition Type: NTFS

Computer Name: SUMO-PC | User Name: sumo | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{65682146-2DDB-474E-A99F-1D48A04E3318}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{821C63D6-FEE2-4AC1-AD4E-D03D9299F5D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E0C8732B-E63D-4D24-987C-B7199A1CBEB8}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014B3176-174F-45E1-A67E-7571DC4F1B29}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe |
"{1B381CDD-96E0-493E-9ACC-C12C3162250C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{23AEA1C8-B575-425A-96E9-F420F34E53A0}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{34025196-C1A0-4974-8F16-5A337D4AC10E}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{52452FB3-68CB-4DC4-ABA3-0E3C56EBD7FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52E489A0-2756-48DE-8A7F-1CE79261B316}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{626EF331-9564-425D-BAA8-84336305AC01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{63F25134-C584-4724-BC2D-6CC39B7FC578}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7BED5B1F-0B03-4075-AD14-CFA3C9AC236E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{890A5A65-C386-4D40-980E-9B871BC24B75}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe |
"{8E9E018F-A7AC-4E3E-9F96-6B56391D4A05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A62486D0-CACA-4253-A827-4354C629D4F4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AC866459-00C8-4F2C-AAB5-64B41BA85B17}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D07FD3CE-864B-4C39-9E24-ED1752B29B79}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{7B24F01F-B52B-4E1E-8F93-D65D0E493ABF}C:\users\sumo\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\users\sumo\bitcomet\bitcomet.exe |
"TCP Query User{86DE9323-D9AC-4D91-9020-68C92C95988D}C:\users\sumo\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\users\sumo\bitcomet\bitcomet.exe |
"TCP Query User{AF3732CC-7283-4CA4-AA3E-0106036BBB97}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{C0F065BF-807E-4E9C-9D18-E6FB3B84CECF}C:\coh v2\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\coh v2\company of heroes\reliccoh.exe |
"TCP Query User{C415EE13-CC32-445A-BEEA-1CA51292017C}C:\coh v2\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\coh v2\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{23D8D503-FEE3-4FBF-BC27-44E86D4ED951}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{6013312B-943E-4911-8B0E-D50963961F21}C:\users\sumo\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\users\sumo\bitcomet\bitcomet.exe |
"UDP Query User{775F422D-379A-485F-B781-FD9F07A7846F}C:\coh v2\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\coh v2\company of heroes\reliccoh.exe |
"UDP Query User{A539D360-248D-472A-B5D4-D14D5A92B497}C:\coh v2\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\coh v2\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{BCA5154C-4197-427D-ADDB-7B09854D88A2}C:\users\sumo\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\users\sumo\bitcomet\bitcomet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}" = Veoh Player
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8984E374-6C93-427C-A3B9-AD92472FDCA0}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"BitComet" = BitComet 1.10
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"CloneCD" = CloneCD
"Control Manager" = Control Manager
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Externes Notenmodul für SchILD-NRW_is1" = Externes Notenmodul 2.1.9.4
"FileZilla Client" = FileZilla Client 3.5.3
"FirstloadIkarus" = Firstload Ikarus
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}" = Veoh Player
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.5.0.1
"VLC media player" = VLC media player 0.9.9
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.03.2012 05:49:59 | Computer Name = sumo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.03.2012 05:49:59 | Computer Name = sumo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.03.2012 05:49:59 | Computer Name = sumo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.03.2012 05:49:59 | Computer Name = sumo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.03.2012 05:49:59 | Computer Name = sumo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.03.2012 05:49:59 | Computer Name = sumo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.03.2012 05:49:59 | Computer Name = sumo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.03.2012 13:59:35 | Computer Name = sumo-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung UPNP.exe, Version 1.0.6.8, Zeitstempel 0x46683866,
fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc, Ausnahmecode
0xc0000005, Fehleroffset 0x00044379, Prozess-ID 0xde0, Anwendungsstartzeit 01ccfbc2e0d3758e.

Error - 06.03.2012 16:17:28 | Computer Name = sumo-PC | Source = EventSystem | ID = 4609
Description =

Error - 06.03.2012 16:18:31 | Computer Name = sumo-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 02.06.2009 19:20:46 | Computer Name = sumo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06.08.2010 04:04:59 | Computer Name = sumo-PC | Source = bowser | ID = 8003
Description =

Error - 06.08.2010 08:58:06 | Computer Name = sumo-PC | Source = HTTP | ID = 15016
Description =

Error - 06.08.2010 08:59:16 | Computer Name = sumo-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07.08.2010 08:05:07 | Computer Name = sumo-PC | Source = bowser | ID = 8003
Description =

Error - 09.08.2010 16:34:53 | Computer Name = sumo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.08.2010 um 22:31:37 unerwartet heruntergefahren.

Error - 09.08.2010 16:34:55 | Computer Name = sumo-PC | Source = HTTP | ID = 15016
Description =

Error - 09.08.2010 16:36:30 | Computer Name = sumo-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13.08.2010 13:49:35 | Computer Name = sumo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 10.08.2010 um 00:14:47 unerwartet heruntergefahren.

Error - 13.08.2010 13:49:38 | Computer Name = sumo-PC | Source = HTTP | ID = 15016
Description =

Error - 13.08.2010 13:51:12 | Computer Name = sumo-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Thanks in advance.

Alt 07.03.2012, 07:55   #2
Chris4You
 
Hi,

the driver (NwlnkFwd) exists either as an exe, in which case it's a trojan, or as a sys, in which case it's from Microsoft;
(IpInIp) should be a rootkit; since the files were not found, I'm going to "kill" them ;o)...

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [{4CC79FE9-CD4A-1B02-7B71-6879EDED45BA}] C:\Users\sumo\AppData\Roaming\Uwiza\fyakpun.exe ()
O4 - HKCU..\Run: [Magntvol] C:\Users\sumo\AppData\Local\Temp\icsuress.dll ()
O4 - HKCU..\Run: [SkypeM] C:\Users\sumo\AppData\Local\Skype\Skype.exe (Unizeto Sp. z o.o.)
[2012.03.06 11:02:45 | 000,000,000 | ---D | M] -- C:\Users\sumo\AppData\Roaming\Yfyl

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please get a generic version from here:
http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Check for Updates").
Run a full scan and let it clean everything! Post the log.

TDSS-Killer
Download and instructions at: http://www.trojaner-board.de/82358-t...tml#post640150
Extract all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:

Then start the scan (Start Scan).
When the scan has finished, please select "Report" (skip any detections for now with Skip). A window opens; copy the text out of it and post it here...

MBR check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

chris
__________________

__________________
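
Added example, not code from the thread or from OTL: a small Python triage script that applies the reasoning the helper uses above to OTL DRV and O4 lines (driver registered but file missing, autorun pointing at a missing file, GUID-named Run value, empty company name, binary under a user-writable profile path, a well-known binary name with a foreign vendor string) and renders the hits as an `:OTL` block for review. The sample lines are constructed in OTL's format (the Microsoft nwlnkfwd.sys and HKLM Skype lines are benign counterparts I added); the `EXPECTED_VENDOR` table, the `USER_WRITABLE` list and the two-signal threshold are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the shape OTL prints DRV and O4 entries. The five
# suspicious lines mirror the ones in the fix above; the Microsoft driver
# line and the HKLM Skype line are constructed benign counterparts.
SAMPLE_OTL = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - [2008.01.19 07:38:27 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [{4CC79FE9-CD4A-1B02-7B71-6879EDED45BA}] C:\Users\sumo\AppData\Roaming\Uwiza\fyakpun.exe ()
O4 - HKCU..\Run: [Magntvol] C:\Users\sumo\AppData\Local\Temp\icsuress.dll ()
O4 - HKCU..\Run: [SkypeM] C:\Users\sumo\AppData\Local\Skype\Skype.exe (Unizeto Sp. z o.o.)
O4 - HKLM..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
"""

DRV_MISSING_RE = re.compile(r"^DRV - File not found .*\((?P<name>[^()]+)\)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Vendor string expected in the version info of well-known binaries
# (assumption for this example; keyed by lower-case file name).
EXPECTED_VENDOR = {"skype.exe": "skype technologies"}
# Profile directories a dropper can write to without elevation (assumption).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def check_o4(value: str, rest: str) -> List[str]:
    """Apply the autorun heuristics; report only a dangling entry or a line
    on which at least two independent signals coincide."""
    if rest.strip() == "File not found":
        return ["autorun points at a file that no longer exists"]
    m = TARGET_RE.match(rest)
    if not m:
        return []
    path, company = m.group("path"), m.group("company").strip()
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if GUID_RE.match(value):
        reasons.append("Run value named with a bare GUID")
    if not company:
        reasons.append("no company name in version info")
    if any(d in low for d in USER_WRITABLE):
        reasons.append("binary lives in a user-writable profile directory")
    expected = EXPECTED_VENDOR.get(name)
    if expected and expected not in company.lower():
        reasons.append(f"{name} carries unexpected vendor string '{company}'")
    return reasons if len(reasons) >= 2 else []


def triage(text: str) -> List[Finding]:
    """Walk OTL lines and collect the entries worth putting into a fix."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRV_MISSING_RE.match(line)
        if m:
            findings.append(Finding(line, [
                f"driver service {m.group('name')} is registered but its file is missing"]))
            continue
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(m.group("value"), m.group("rest"))
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


def build_fix(findings: List[Finding]) -> str:
    """Render the flagged lines as an OTL ':OTL' block for a human to review."""
    return "\n".join([":OTL", *[f.line for f in findings]])


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL)
    for f in hits:
        print(f.line)
        for r in f.reasons:
            print("   -", r)
    print(build_fix(hits))
```

The two-signal rule is what keeps the HKLM Skype entry and any legitimately unsigned program out of the fix; the output is a candidate list for a person to confirm, not something to run blindly.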

Alt 07.03.2012, 14:09   #3
sumo
 
Oh dear,

there's quite a lot coming my way. I'll work through it from the top, then.

I ran OTL with the fix; afterwards it wanted a restart and Windows booted in normal mode, no error message appeared.
This text then opened by itself, I hope that was the results window:

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
::1 localhost removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{4CC79FE9-CD4A-1B02-7B71-6879EDED45BA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CC79FE9-CD4A-1B02-7B71-6879EDED45BA}\ not found.
C:\Users\sumo\AppData\Roaming\Uwiza\fyakpun.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Magntvol deleted successfully.
C:\Users\sumo\AppData\Local\Temp\icsuress.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypeM deleted successfully.
C:\Users\sumo\AppData\Local\Skype\Skype.exe moved successfully.
C:\Users\sumo\AppData\Roaming\Yfyl folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval" | dword:0x01 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: sumo
->Temp folder emptied: 4623399165 bytes
->Temporary Internet Files folder emptied: 91888245 bytes
->Java cache emptied: 1953241 bytes
->FireFox cache emptied: 63939817 bytes
->Google Chrome cache emptied: 7193546 bytes
->Flash cache emptied: 91146 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50473666 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 320 bytes
RecycleBin emptied: 14983393904 bytes

Total Files Cleaned = 18.904,00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03072012_135347

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


I can't find the folder %systemroot%\_OTL, where is it supposed to be?
__________________

Alt 07.03.2012, 14:22   #4
Chris4You
 
Hi,

the log is enough (otherwise you'll find it under C:\_OTL...)

Also post the LOG from MAM (once the full scan is finished) and the log from the Killer...

chris
__________________

Alt 07.03.2012, 16:13   #5
sumo
 
hi,

well, that took a while ;-).

mam found 6 infected objects:


Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.07.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
sumo :: SUMO-PC [Administrator]

07.03.2012 14:19:16
mbam-log-2012-03-07 (14-19-16).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355472
Laufzeit: 1 Stunde(n), 18 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control Manager (Rogue.ControlManager) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Users\sumo\Downloads\installer_clonecd_5_3_1_4_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Keine Aktion durchgeführt.
C:\Users\sumo\Downloads\adobeflashplayerv10.0.45.2(2).exe (Rogue.Installer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sumo\Downloads\adobeflashplayerv10.0.45.2(3).exe (Rogue.Installer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sumo\Downloads\adobeflashplayerv10.0.45.2.exe (Rogue.Installer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\03072012_135347\C_Users\sumo\AppData\Local\Skype\Skype.exe (Trojan.Zbot.USZ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\03072012_135347\C_Users\sumo\AppData\Roaming\Uwiza\fyakpun.exe (Spyware.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\sysReserve.ini (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Continuing with the Killer now


Alt 07.03.2012, 16:16   #6
Chris4You
 
Hi,

ok...

chris
__________________

Alt 07.03.2012, 16:30   #7
sumo
 
hi,

that was quick.

TDSS report:


16:25:15.0903 1516 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
16:25:15.0976 1516 ============================================================
16:25:15.0976 1516 Current date / time: 2012/03/07 16:25:15.0976
16:25:15.0976 1516 SystemInfo:
16:25:15.0976 1516
16:25:15.0976 1516 OS Version: 6.0.6001 ServicePack: 1.0
16:25:15.0976 1516 Product type: Workstation
16:25:15.0976 1516 ComputerName: SUMO-PC
16:25:15.0976 1516 UserName: sumo
16:25:15.0976 1516 Windows directory: C:\Windows
16:25:15.0976 1516 System windows directory: C:\Windows
16:25:15.0976 1516 Processor architecture: Intel x86
16:25:15.0976 1516 Number of processors: 2
16:25:15.0976 1516 Page size: 0x1000
16:25:15.0976 1516 Boot type: Normal boot
16:25:15.0976 1516 ============================================================
16:25:17.0361 1516 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:25:17.0363 1516 \Device\Harddisk0\DR0:
16:25:17.0364 1516 MBR used
16:25:17.0364 1516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x2542DFE0
16:25:17.0391 1516 Initialize success
16:25:17.0391 1516 ============================================================
16:25:59.0681 1736 ============================================================
16:25:59.0681 1736 Scan started
16:25:59.0681 1736 Mode: Manual; SigCheck; TDLFS;
16:25:59.0681 1736 ============================================================
16:26:14.0827 1736 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
16:26:14.0869 1736 rdbss - ok
16:26:14.0890 1736 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:26:14.0930 1736 RDPCDD - ok
16:26:14.0961 1736 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:26:14.0998 1736 rdpdr - ok
16:26:15.0010 1736 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:26:15.0053 1736 RDPENCDD - ok
16:26:15.0099 1736 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
16:26:15.0146 1736 RDPWD - ok
16:26:15.0197 1736 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:26:15.0222 1736 rspndr - ok
16:26:15.0257 1736 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
16:26:15.0283 1736 RTSTOR - ok
16:26:15.0355 1736 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys
16:26:15.0365 1736 s0017bus - ok
16:26:15.0412 1736 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys
16:26:15.0419 1736 s0017mdfl - ok
16:26:15.0455 1736 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys
16:26:15.0465 1736 s0017mdm - ok
16:26:15.0562 1736 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys
16:26:15.0572 1736 s0017mgmt - ok
16:26:15.0597 1736 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys
16:26:15.0606 1736 s0017nd5 - ok
16:26:15.0665 1736 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys
16:26:15.0677 1736 s0017obex - ok
16:26:15.0707 1736 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys
16:26:15.0719 1736 s0017unic - ok
16:26:15.0757 1736 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:26:15.0772 1736 sbp2port - ok
16:26:15.0818 1736 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:26:15.0903 1736 secdrv - ok
16:26:15.0939 1736 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:26:16.0025 1736 Serenum - ok
16:26:16.0053 1736 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:26:16.0140 1736 Serial - ok
16:26:16.0166 1736 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:26:16.0220 1736 sermouse - ok
16:26:16.0265 1736 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:26:16.0295 1736 sffdisk - ok
16:26:16.0326 1736 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:26:16.0378 1736 sffp_mmc - ok
16:26:16.0398 1736 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:26:16.0442 1736 sffp_sd - ok
16:26:16.0470 1736 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:26:16.0523 1736 sfloppy - ok
16:26:16.0559 1736 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:26:16.0570 1736 sisagp - ok
16:26:16.0595 1736 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:26:16.0607 1736 SiSRaid2 - ok
16:26:16.0628 1736 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:26:16.0640 1736 SiSRaid4 - ok
16:26:16.0679 1736 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
16:26:16.0723 1736 Smb - ok
16:26:16.0759 1736 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:26:16.0770 1736 spldr - ok
16:26:16.0838 1736 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
16:26:16.0877 1736 srv - ok
16:26:16.0932 1736 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
16:26:16.0988 1736 srv2 - ok
16:26:17.0048 1736 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
16:26:17.0080 1736 srvnet - ok
16:26:17.0133 1736 swenum (30bb5b1709cbc55e913b3e045a918fa4) C:\Windows\system32\DRIVERS\swenum.sys
16:26:17.0146 1736 swenum - ok
16:26:17.0182 1736 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:26:17.0196 1736 Symc8xx - ok
16:26:17.0218 1736 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:26:17.0232 1736 Sym_hi - ok
16:26:17.0260 1736 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:26:17.0273 1736 Sym_u3 - ok
16:26:17.0310 1736 SynTP (be78198c69135ef1fa157e08fd5c90ff) C:\Windows\system32\DRIVERS\SynTP.sys
16:26:17.0326 1736 SynTP - ok
16:26:17.0433 1736 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
16:26:17.0507 1736 Tcpip - ok
16:26:17.0548 1736 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
16:26:17.0608 1736 Tcpip6 - ok
16:26:17.0636 1736 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
16:26:17.0685 1736 tcpipreg - ok
16:26:17.0706 1736 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:26:17.0757 1736 TDPIPE - ok
16:26:17.0789 1736 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:26:17.0827 1736 TDTCP - ok
16:26:17.0898 1736 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
16:26:17.0965 1736 tdx - ok
16:26:18.0026 1736 TermDD (f1fdc25380476e66fd1c1604245e1735) C:\Windows\system32\DRIVERS\termdd.sys
16:26:18.0046 1736 TermDD - ok
16:26:18.0103 1736 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:26:18.0149 1736 tssecsrv - ok
16:26:18.0176 1736 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:26:18.0210 1736 tunmp - ok
16:26:18.0250 1736 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
16:26:18.0291 1736 tunnel - ok
16:26:18.0329 1736 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:26:18.0340 1736 uagp35 - ok
16:26:18.0374 1736 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
16:26:18.0407 1736 udfs - ok
16:26:18.0459 1736 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:26:18.0471 1736 uliagpkx - ok
16:26:18.0507 1736 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:26:18.0523 1736 uliahci - ok
16:26:18.0551 1736 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:26:18.0563 1736 UlSata - ok
16:26:18.0576 1736 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:26:18.0589 1736 ulsata2 - ok
16:26:18.0609 1736 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:26:18.0633 1736 umbus - ok
16:26:18.0690 1736 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
16:26:18.0722 1736 USBAAPL - ok
16:26:18.0760 1736 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:26:18.0818 1736 usbccgp - ok
16:26:18.0866 1736 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:26:18.0918 1736 usbcir - ok
16:26:18.0937 1736 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
16:26:18.0978 1736 usbehci - ok
16:26:19.0004 1736 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
16:26:19.0031 1736 usbhub - ok
16:26:19.0068 1736 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
16:26:19.0114 1736 usbohci - ok
16:26:19.0148 1736 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:26:19.0172 1736 usbprint - ok
16:26:19.0196 1736 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:26:19.0239 1736 USBSTOR - ok
16:26:19.0278 1736 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:26:19.0318 1736 usbuhci - ok
16:26:19.0353 1736 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:26:19.0399 1736 usbvideo - ok
16:26:19.0445 1736 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:26:19.0473 1736 vga - ok
16:26:19.0495 1736 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:26:19.0539 1736 VgaSave - ok
16:26:19.0565 1736 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:26:19.0577 1736 viaagp - ok
16:26:19.0600 1736 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:26:19.0642 1736 ViaC7 - ok
16:26:19.0664 1736 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:26:19.0675 1736 viaide - ok
16:26:19.0706 1736 volmgr (5a96b800dac3bc827af9d89b60d2025d) C:\Windows\system32\drivers\volmgr.sys
16:26:19.0720 1736 volmgr - ok
16:26:19.0751 1736 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
16:26:19.0774 1736 volmgrx - ok
16:26:19.0802 1736 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
16:26:19.0822 1736 volsnap - ok
16:26:19.0854 1736 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:26:19.0870 1736 vsmraid - ok
16:26:19.0910 1736 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:26:19.0977 1736 WacomPen - ok
16:26:20.0004 1736 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:26:20.0046 1736 Wanarp - ok
16:26:20.0058 1736 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:26:20.0088 1736 Wanarpv6 - ok
16:26:20.0125 1736 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:26:20.0136 1736 Wd - ok
16:26:20.0176 1736 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:26:20.0201 1736 Wdf01000 - ok
16:26:20.0301 1736 winusb (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\winusb.sys
16:26:20.0347 1736 winusb - ok
16:26:20.0386 1736 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
16:26:20.0421 1736 WmiAcpi - ok
16:26:20.0498 1736 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
16:26:20.0533 1736 WpdUsb - ok
16:26:20.0559 1736 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:26:20.0620 1736 ws2ifsl - ok
16:26:20.0684 1736 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:26:20.0736 1736 WUDFRd - ok
16:26:20.0783 1736 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
16:26:20.0791 1736 XUIF - ok
16:26:20.0846 1736 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
16:26:20.0915 1736 ZTEusbmdm6k - ok
16:26:20.0943 1736 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
16:26:20.0957 1736 ZTEusbnmea - ok
16:26:20.0981 1736 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
16:26:20.0995 1736 ZTEusbser6k - ok
16:26:21.0094 1736 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\HomeCinema\PlayMovie\000.fcl
16:26:21.0105 1736 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
16:26:21.0141 1736 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\HomeCinema\PowerDVD8\000.fcl
16:26:21.0152 1736 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
16:26:21.0160 1736 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:26:21.0247 1736 \Device\Harddisk0\DR0 - ok
16:26:21.0253 1736 Boot (0x1200) (2bdd3a8864af13e27544e4bde4d831c6) \Device\Harddisk0\DR0\Partition0
16:26:21.0255 1736 \Device\Harddisk0\DR0\Partition0 - ok
16:26:21.0258 1736 ============================================================
16:26:21.0258 1736 Scan finished
16:26:21.0258 1736 ============================================================
16:26:21.0278 1620 Detected object count: 0
16:26:21.0278 1620 Actual detected object count: 0

Alt 07.03.2012, 16:33   #8
sumo
 
Hi,

so now the MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Medion
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: Medion
System Product Name: P8610
Logical Drives Mask: 0x00000014

Kernel Drivers (total 146):
0x82238000 \SystemRoot\system32\ntkrnlpa.exe
0x82205000 \SystemRoot\system32\hal.dll
0x8040E000 \SystemRoot\system32\kdcom.dll
0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80476000 \SystemRoot\system32\PSHED.dll
0x80487000 \SystemRoot\system32\BOOTVID.dll
0x8048F000 \SystemRoot\system32\CLFS.SYS
0x804D0000 \SystemRoot\system32\CI.dll
0x805B0000 \SystemRoot\System32\drivers\vrmphmm.sys
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\system32\drivers\acpi.sys
0x806DA000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E3000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EB000 \SystemRoot\system32\drivers\pci.sys
0x80712000 \SystemRoot\System32\drivers\partmgr.sys
0x80721000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80724000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072E000 \SystemRoot\system32\drivers\volmgr.sys
0x8073D000 \SystemRoot\System32\drivers\volmgrx.sys
0x80787000 \SystemRoot\System32\drivers\mountmgr.sys
0x80797000 \SystemRoot\system32\drivers\atapi.sys
0x8079F000 \SystemRoot\system32\drivers\ataport.SYS
0x807BD000 \SystemRoot\system32\drivers\msahci.sys
0x807C7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x805BE000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D5000 \SystemRoot\system32\drivers\fileinfo.sys
0x807E5000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x88805000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88876000 \SystemRoot\system32\drivers\ndis.sys
0x88981000 \SystemRoot\system32\drivers\msrpc.sys
0x889AC000 \SystemRoot\system32\drivers\NETIO.SYS
0x88A02000 \SystemRoot\System32\drivers\tcpip.sys
0x88AEB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88C0B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88D1A000 \SystemRoot\system32\drivers\volsnap.sys
0x88D53000 \SystemRoot\System32\Drivers\spldr.sys
0x88D5B000 \SystemRoot\System32\Drivers\mup.sys
0x88D6A000 \SystemRoot\System32\drivers\ecache.sys
0x88D91000 \SystemRoot\system32\drivers\disk.sys
0x88DA2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88DC3000 \SystemRoot\system32\drivers\crcdisk.sys
0x88DEE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88C00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88B06000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88B15000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x88B28000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88B33000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x88C09000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x88B63000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88B6E000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x88B77000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x88B81000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88BBF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88BCE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C80F000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8C90E000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x8C915000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C92D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8D53E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D5DD000 \SystemRoot\System32\drivers\watchdog.sys
0x8CE00000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8CA07000 \SystemRoot\system32\DRIVERS\athr.sys
0x8CAEE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CAF2000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CB20000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CB61000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CB6C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CB83000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CB8E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CBB1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CBC0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CBD4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CBE9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CBF9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C933000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D5EA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C95D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C96A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C99E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D601000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D812000 \SystemRoot\system32\drivers\portcls.sys
0x8D83F000 \SystemRoot\system32\drivers\drmk.sys
0x8D864000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8D872000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D87B000 \SystemRoot\System32\Drivers\Null.SYS
0x8D882000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D889000 \SystemRoot\System32\drivers\vga.sys
0x8D895000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D8B6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D8BE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D8C6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D8D1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D8DF000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D8E8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D8FE000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D912000 \SystemRoot\system32\drivers\afd.sys
0x8D95A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D98C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D9A2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D9B0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D9C3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D5F4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CBFB000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8C9AF000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C9C6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C9D3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8C9DE000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x8C9E8000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x96030000 \SystemRoot\System32\win32k.sys
0x8C800000 \SystemRoot\System32\drivers\Dxapi.sys
0x88DCC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x88DD5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8CA00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x88BE0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x88DE5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x96409000 \SystemRoot\System32\Drivers\usbvideo.sys
0x9642A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96250000 \SystemRoot\System32\TSDDD.dll
0x96439000 \SystemRoot\system32\drivers\luafv.sys
0x96454000 \SystemRoot\system32\drivers\spsys.sys
0x96503000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x96513000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9653D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x96547000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9655A000 \SystemRoot\system32\drivers\HTTP.sys
0x965C7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x965E4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x889E6000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA2804000 \SystemRoot\system32\drivers\mrxdav.sys
0xA2824000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2843000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA287C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2894000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA28BC000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2923000 \??\C:\Windows\system32\drivers\acedrv11.sys
0xA440F000 \SystemRoot\system32\drivers\peauth.sys
0xA44ED000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA44F7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4503000 \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl
0xA4524000 \??\C:\Program Files\HomeCinema\PowerDVD8\000.fcl
0x96280000 \SystemRoot\System32\cdd.dll
0xA4545000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA45B1000
0xA45D2000
0x77090000 \Windows\System32\ntdll.dll

Processes (total 78):
0 System Idle Process
4 System
460 C:\Windows\System32\smss.exe
568 csrss.exe
624 C:\Windows\System32\wininit.exe
636 csrss.exe
672 C:\Windows\System32\services.exe
684 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
836 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\nvvsvc.exe
924 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\audiodg.exe
1184 C:\Windows\System32\SLsvc.exe
1220 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\winlogon.exe
1432 C:\Windows\System32\svchost.exe
1640 C:\Windows\System32\rundll32.exe
1716 C:\Windows\System32\wlanext.exe
1884 C:\Windows\System32\spoolsv.exe
1920 C:\Windows\System32\svchost.exe
2032 C:\Windows\System32\taskeng.exe
472 C:\Windows\System32\taskeng.exe
520 C:\Windows\System32\dwm.exe
904 C:\Windows\explorer.exe
688 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
640 C:\Program Files\Bonjour\mDNSResponder.exe
644 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2200 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2244 C:\Windows\System32\IoctlSvc.exe
2268 C:\Windows\System32\svchost.exe
2288 C:\Windows\System32\PSIService.exe
2336 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2384 C:\Windows\System32\svchost.exe
2420 C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
2460 C:\Windows\System32\svchost.exe
2492 C:\Windows\System32\SearchIndexer.exe
2544 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2596 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
3168 C:\Program Files\Windows Defender\MSASCui.exe
3204 C:\Windows\RtHDVCpl.exe
3224 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3276 C:\Windows\System32\rundll32.exe
3344 C:\Program Files\Cyberlink\Shared files\brs.exe
3420 C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
3472 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3532 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3700 C:\Windows\WindowsMobile\wmdSync.exe
3760 C:\Windows\System32\svchost.exe
3784 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3880 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
3904 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3940 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3952 C:\Program Files\1&1 Surf-Stick\UIExec.exe
4020 C:\Program Files\iTunes\iTunesHelper.exe
4084 C:\Program Files\Windows Sidebar\sidebar.exe
2188 C:\Users\sumo\Bitcomet\BitComet.exe
2240 C:\Windows\ehome\ehtray.exe
2412 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
2472 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2556 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
2640 C:\Program Files\Windows Media Player\wmpnscfg.exe
2896 C:\Windows\ehome\ehmsas.exe
1956 C:\Program Files\Windows Media Player\wmpnetwk.exe
3588 C:\Program Files\iPod\bin\iPodService.exe
4424 C:\Program Files\Mozilla Firefox\firefox.exe
4748 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3220 C:\Windows\System32\wuauclt.exe
5168 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
1988 C:\Program Files\WinRAR\WinRAR.exe
4004 C:\Windows\System32\SearchProtocolHost.exe
5516 C:\Windows\System32\SearchFilterHost.exe
5384 C:\Users\sumo\Desktop\MBRCheck.exe
1460 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00004000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Alt 07.03.2012, 16:36   #9
Chris4You
 
Hi,

how is the computer behaving? Is everything OK again?

chris
__________________
Don't bring me down
Read before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)

Alt 07.03.2012, 16:44   #10
sumo
 
Hi,
yep, the error message has not appeared again; everything seems to be OK.

Alt 07.03.2012, 16:49   #11
Chris4You
 
Hi,

you should also change all your passwords (SpyEye...)...
You can delete the directory C:\_OTL; every now and then update MAM and run a full scan...

chris

Alt 08.03.2012, 00:42   #12
sumo
 
Hi,

great, many thanks for the quick and competent help. I will follow your advice.
