Pests of all kinds and how to fight them: Data Recovery, S.M.A.R.T Repair (Windows 7)
03.07.2012, 13:54 | #1 |
| Data Recovery, S.M.A.R.T Repair
Hello everyone, everything seems to be gone on my wife's netbook. The desktop is black, My Documents is gone ... A program called DataRecovery keeps opening and running a scan. About 20-30 times in a row this appears: System Message - Write Fault Error. The program wants us to clean up and, to do that, activate the program for money. Can you perhaps help us??? My wife is already in despair because she can't get to her files. Thanks in advance, Leve |
03.07.2012, 16:08 | #2 |
/// Malware-holic | Data Recovery, S.M.A.R.T Repair
hi
Restart, press F8, choose Safe Mode with Networking, and log in to the affected account; working should be possible there. If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
03.07.2012, 16:39 | #3 |
| Data Recovery, S.M.A.R.T Repair
OK, I will copy the OTL and Extras logs then. Thank you for taking on our problem.
OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.07.2012 17:47:40 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Ilona\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,18 Mb Total Physical Memory | 334,18 Mb Available Physical Memory | 32,95% Memory free 2,16 Gb Paging File | 1,09 Gb Available in Paging File | 50,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 80,00 Gb Total Space | 45,82 Gb Free Space | 57,27% Space Free | Partition Type: NTFS Drive D: | 59,03 Gb Total Space | 20,56 Gb Free Space | 34,83% Space Free | Partition Type: NTFS Computer Name: ILONA-HOME | User Name: Ilona | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.03 14:25:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ilona\Desktop\OTL.exe PRC - [2012.05.30 16:20:21 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fssm32.exe PRC - [2012.05.30 16:20:19 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\FSGK32.EXE PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.02.20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) 
-- C:\Program Files\Microsoft\BingBar\7.1.364.0\SeaPort.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.08 11:06:00 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsav32.exe PRC - [2011.10.04 13:33:38 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe PRC - [2011.09.13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe PRC - [2011.09.13 10:16:04 | 000,342,984 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe PRC - [2011.05.31 15:34:31 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.24 18:53:42 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\FWES\Program\fsdfwd.exe PRC - [2010.12.20 18:12:55 | 000,330,696 | ---- | M] () -- C:\Program Files\Verbindungsassistent\wtgservice.exe PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.07.13 23:26:12 | 004,302,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe PRC - [2010.07.13 23:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe PRC - [2010.07.13 23:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) 
-- C:\Program Files\Tablet\Pen\Pen_TouchService.exe PRC - [2010.01.07 00:24:32 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009.12.30 01:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe PRC - [2009.10.17 07:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe PRC - [2009.09.11 21:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe PRC - [2009.08.28 01:38:28 | 000,803,304 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe PRC - [2009.08.19 03:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2009.08.12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe PRC - [2009.08.05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE PRC - [2009.08.05 17:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSM32.EXE PRC - [2009.08.05 17:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSHDLL32.EXE PRC - [2009.08.05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe PRC - [2009.07.20 11:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe PRC - [2009.06.05 05:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe ========== Modules (No Company Name) ========== MOD - [2011.10.04 13:33:38 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe MOD - 
[2011.09.13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe MOD - [2010.11.17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL MOD - [2009.12.30 01:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe MOD - [2009.08.05 17:59:02 | 000,001,536 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSPC\fspcfsm.eng MOD - [2009.08.05 17:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\unitymedia\sicherheitspaket\hips\fshook32.dll MOD - [2009.08.05 17:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\strres.eng MOD - [2009.08.05 17:56:56 | 000,920,160 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\gres.dll MOD - [2009.08.05 17:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\flyerres.eng MOD - [2009.08.05 17:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\fsavures.eng MOD - [2009.08.05 17:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\about.dll MOD - [2009.08.05 17:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\aboutres.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.22 12:36:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.364.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.20 10:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.364.0\BBSvc.exe -- (BBSvc) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.13 10:16:04 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service) SRV - [2011.05.31 15:34:31 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe -- (FSORSPClient) SRV - [2010.12.24 18:53:42 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\FWES\Program\fsdfwd.exe -- (FSDFWD) SRV - [2010.12.20 18:12:55 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Verbindungsassistent\wtgservice.exe -- (WTGService) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.07.13 23:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2010.07.13 23:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) 
[Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2009.08.19 03:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009.08.05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE -- (FSMA) SRV - [2009.08.05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio) DRV - [2012.07.03 14:47:54 | 000,043,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\uhbdhqse.sys -- (uhbdhqse) DRV - [2012.07.03 01:53:51 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.05.30 16:21:32 | 000,149,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2012.05.10 10:04:38 | 000,044,184 | ---- | M] () [Kernel | Boot 
| Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts) DRV - [2012.04.22 08:57:19 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2012.04.22 08:57:19 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012.04.22 08:57:19 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.06.27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.12.24 18:55:21 | 000,073,160 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW) DRV - [2010.12.24 18:54:04 | 000,036,792 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.05.19 23:52:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2009.09.22 01:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2009.08.05 17:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2009.08.05 17:56:12 | 000,012,384 | ---- | M] () [Kernel 
| System | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys -- (fsvista) DRV - [2009.07.27 09:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV - [2009.07.20 11:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2009.07.06 04:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2009.07.01 06:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2007.02.16 21:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: searchpredict@speedbit.com:1.0.1.0 FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.3.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program 
Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ilona\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ilona\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Unitymedia\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.06.05 18:15:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2011.01.28 14:24:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2011.01.28 14:24:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.22 12:36:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.30 11:54:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.22 12:36:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.30 11:54:12 | 000,000,000 | ---D | M] [2010.12.22 19:39:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ilona\AppData\Roaming\mozilla\Extensions [2010.12.22 19:39:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ilona\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.29 11:40:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ilona\AppData\Roaming\mozilla\Firefox\Profiles\13ebfkj8.default\extensions [2012.03.29 23:52:03 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Ilona\AppData\Roaming\mozilla\Firefox\Profiles\13ebfkj8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.06.30 20:23:00 | 000,000,950 | -H-- | M] () -- 
C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-1.xml [2011.09.02 02:38:41 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-2.xml [2011.09.08 13:09:45 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-3.xml [2011.10.03 16:16:12 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-4.xml [2011.11.13 11:07:14 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-5.xml [2011.12.26 21:01:03 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-6.xml [2012.02.03 17:54:58 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-7.xml [2012.02.20 14:19:50 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-8.xml [2012.02.23 23:53:40 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-9.xml [2011.06.19 21:15:16 | 000,001,056 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin.xml [2012.02.24 18:20:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.06.29 11:40:17 | 000,743,305 | -H-- | M] () (No name found) -- C:\USERS\ILONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13EBFKJ8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.22 12:36:55 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun 
Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.07 21:21:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.07 21:21:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.07 21:21:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.07 21:21:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.07 21:21:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.07 21:21:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll () O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (Speedbit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll (Speedbit Ltd.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe () O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe () O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKCU..\Run: [biiWPEJPdbnXvw.exe] C:\ProgramData\biiWPEJPdbnXvw.exe () O4 - Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13E9E72E-1613-4435-835A-3581AEFA8EB7}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0bfd3d3d-1e9a-11e1-a8b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0bfd3d3d-1e9a-11e1-a8b0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0bfd3d54-1e9a-11e1-a8b0-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{0bfd3d54-1e9a-11e1-a8b0-485b3918c266}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0bfd3d64-1e9a-11e1-a8b0-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{0bfd3d64-1e9a-11e1-a8b0-485b3918c266}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0cf64326-0dda-11e0-af6d-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{0cf64326-0dda-11e0-af6d-485b3918c266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0cf6432b-0dda-11e0-af6d-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{0cf6432b-0dda-11e0-af6d-485b3918c266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2065968b-00d7-11e0-8249-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{2065968b-00d7-11e0-8249-485b3918c266}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2065968f-00d7-11e0-8249-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{2065968f-00d7-11e0-8249-485b3918c266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ecf55d83-8c35-11e1-a6ca-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf55d83-8c35-11e1-a6ca-485b3918c266}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{ecf55d90-8c35-11e1-a6ca-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf55d90-8c35-11e1-a6ca-485b3918c266}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{ecf55da5-8c35-11e1-a6ca-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf55da5-8c35-11e1-a6ca-485b3918c266}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{ecf55db6-8c35-11e1-a6ca-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf55db6-8c35-11e1-a6ca-485b3918c266}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: BambooScribeAutoStart.vbe - hkey= - key= - C:\Program Files\Vision Objects\Bamboo Scribe\BambooScribeAutoStart.vbe ()
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.07.03 14:28:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ilona\Desktop\OTL.exe
[2012.07.03 14:05:46 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{72D580AA-308C-4DE9-860F-26E1FE7F23DA}
[2012.07.03 13:35:25 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{AFA6F61B-5343-43C3-8D3D-C1030FA95864}
[2012.07.03 01:53:51 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012.07.03 01:42:58 | 000,000,000 | -H-D | C] -- C:\TDSSKiller_Quarantine
[2012.07.03 00:25:48 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Roaming\Malwarebytes
[2012.07.03 00:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.03 00:25:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012.07.03 00:24:35 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.07.03 00:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.02 23:21:05 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.07.02 16:45:16 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{BABE367C-D948-4B8C-9262-E84F8C13B867}
[2012.07.02 16:44:45 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{F289AB16-2A5C-416C-99A7-6EA5235CBA41}
[2012.06.30 20:01:18 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{CCAF08BF-6DFF-45BB-8AE4-8484BC91DEB3}
[2012.06.29 12:26:47 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{6A304200-0D27-4B43-B9CB-B56085BE90B2}
[2012.06.29 12:26:33 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{2EA902FF-56C7-4387-9143-8698B41AEB10}
[2012.06.29 11:41:44 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{D3F886DF-DC0B-40A9-91F2-03337C1A3599}
[2012.06.28 23:25:43 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{E3DC5EFA-482B-49AE-BE5C-9CFA0C71BEB8}
[2012.06.28 23:24:40 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{349597B7-3672-4064-AADB-5684042C57C4}
[2012.06.27 14:44:25 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{1675F396-3C64-418D-98EC-ACE7D9A99D9E}
[2012.06.27 14:44:08 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{7B5371BB-7B42-4626-9657-BE054BDF2556}
[2012.06.25 11:15:08 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{6A067B8C-B646-48A3-AD04-5394533ECC15}
[2012.06.25 11:14:52 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{108ECA9D-C128-43A8-ADE0-E8EEFCC602AF}
[2012.06.24 18:05:18 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{F6190F3E-ACA5-466A-811C-A56C54171F69}
[2012.06.24 18:04:39 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{A91A696E-0B3E-468C-B32B-F13FEBD924EE}
[2012.06.23 15:33:32 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{F994D70F-2114-4650-862C-59043BACFA27}
[2012.06.23 15:33:16 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{FB04F42E-B773-4146-9BD2-8D5EA0D438A8}
[2012.06.23 15:28:46 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{450B2E71-01FA-4416-B69F-D6C1702DAEAC}
[2012.06.22 12:36:11 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{11FF019D-9A72-451D-858E-49DDEE8534C2}
[2012.06.22 12:35:56 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{F534263D-FF69-4AA7-9C22-C22D042877D7}
[2012.06.21 20:32:42 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{C2675C5B-FDC3-4E12-A2BD-9786023FF4F6}
[2012.06.21 20:32:25 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{A109646C-0FCD-48C8-BB4C-EB28FFE976B0}
[2012.06.19 09:34:41 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{581F549A-C5B8-4A85-AE93-725966EFD6CB}
[2012.06.19 09:34:10 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{B0730C56-F1EC-4367-BA3F-42A0F5568215}
[2012.06.18 11:08:01 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{D9339E4C-3C26-4EC3-848E-F90AA15C89A5}
[2012.06.16 18:48:34 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{287A41C1-AC6A-4774-B0EF-F2545252AF36}
[2012.06.15 08:02:53 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{B3B08B14-4916-48FB-AEA5-8DDE16EC5274}
[2012.06.14 11:12:37 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{2CB7C0A9-42C5-473F-A3CF-DBF39B44C562}
[2012.06.14 11:12:02 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{8945853F-3FC2-4336-8AE6-D972FBE9BA2E}
[2012.06.14 10:03:08 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{7C7EEFF6-D564-4846-A353-1E27C6229BEB}
[2012.06.14 10:02:53 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{595B5184-7674-4536-8D75-4677A2000E7B}
[2012.06.13 09:40:48 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{BD6E58AE-B4BC-4384-8411-39768F62B50C}
[2012.06.13 09:40:03 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{CD88B638-C417-4485-AEB0-7B5401701567}
[2012.06.12 17:18:37 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{9FE6EC6A-C022-4BF2-9FB7-03C5992F5E9B}
[2012.06.12 17:18:09 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{A8B126FB-A408-4F83-B03E-E30C0A2A0194}
[2012.06.12 17:16:14 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{93C19824-0F2A-4B01-B26B-53F90A088405}
[2012.06.11 10:06:35 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{10850E1A-9766-46CC-95DF-EF89C48818CE}
[2012.06.11 10:06:08 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{BE88980E-C39C-414B-9627-64E16EE510CC}
[2012.06.08 14:06:30 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\HP
[2012.06.08 14:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.06.08 14:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.06.08 14:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.06.08 13:59:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\HP
[2012.06.08 06:47:55 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{F67223B8-32E3-4963-90D8-CE7FDD4AB3D0}
[2012.06.08 06:47:00 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{B27A6BF8-8B96-46C3-BE8E-79846F94789B}
[2012.06.07 15:20:24 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{A66C70CD-127E-438B-B530-F4B40CC6A2ED}
[2012.06.07 15:20:00 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{84C3388F-E8E9-426A-B379-0AB0F490C845}
[2012.06.06 17:43:20 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{AA80E774-313D-4B1A-8BA2-9B1FC1689F47}
[2012.06.06 17:43:08 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{140FEB41-E87C-482D-A1DC-8C8F42BCAC74}
[2012.06.06 15:15:11 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{AF84AEFC-EC44-4101-9BDC-9F66F1BA3746}
[2012.06.05 21:52:13 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{9EF485B0-3987-49D6-A9B7-C02702A544F7}
[2012.06.05 21:51:58 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{14DED362-89A0-4B4B-891C-5043FE7A6177}
[2012.06.05 18:14:29 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\.thumbnails
[2012.06.05 18:06:19 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{ADBED957-A0A1-4E6B-8307-57249FA80B3D}

========== Files - Modified Within 30 Days ==========

[2012.07.03 17:13:03 | 000,001,120 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3598527403-3197133421-4079309968-1000UA.job
[2012.07.03 14:27:12 | 000,002,363 | -H-- | M] () -- C:\Users\Ilona\Desktop\Google Chrome.lnk
[2012.07.03 14:25:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ilona\Desktop\OTL.exe
[2012.07.03 14:21:43 | 000,000,000 | -H-- | M] () -- C:\Users\Ilona\defogger_reenable
[2012.07.03 14:16:35 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 14:16:35 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 14:10:46 | 000,050,477 | -H-- | M] () -- C:\Users\Ilona\Desktop\Defogger.exe
[2012.07.03 14:02:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.03 14:02:27 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.03 01:53:51 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012.07.03 01:35:34 | 002,075,184 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Ilona\Desktop\TDSSKiller.exe
[2012.07.03 00:25:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 00:04:42 | 000,666,366 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.07.03 00:04:42 | 000,627,512 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.07.03 00:04:42 | 000,136,020 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.07.03 00:04:42 | 000,111,810 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.07.02 23:28:11 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-McCBw5c66nSc0Cr
[2012.07.02 23:28:11 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-McCBw5c66nSc0C
[2012.07.02 23:28:04 | 000,000,256 | -H-- | M] () -- C:\ProgramData\McCBw5c66nSc0C
[2012.07.02 23:20:37 | 000,254,712 | -H-- | M] () -- C:\ProgramData\McCBw5c66nSc0C.exe
[2012.07.02 23:06:28 | 000,346,360 | -H-- | M] () -- C:\ProgramData\biiWPEJPdbnXvw.exe
[2012.07.02 23:03:53 | 000,106,174 | -H-- | M] () -- C:\Users\Ilona\Desktop\227502218645986791_1tV3JNq3_c.jpg
[2012.07.02 23:03:28 | 000,091,091 | -H-- | M] () -- C:\Users\Ilona\Desktop\267330927850546803_GlGpOpP3_c.jpg
[2012.07.02 23:03:07 | 000,026,551 | -H-- | M] () -- C:\Users\Ilona\Desktop\175921929163917745_MoQz17bn_c.jpg
[2012.07.02 20:13:07 | 000,001,068 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3598527403-3197133421-4079309968-1000Core.job
[2012.06.30 22:12:50 | 000,729,371 | -H-- | M] () -- C:\Users\Ilona\Desktop\index1.png
[2012.06.30 22:12:32 | 000,729,371 | -H-- | M] () -- C:\Users\Ilona\Desktop\index.png
[2012.06.30 22:02:14 | 000,004,427 | -H-- | M] () -- C:\Users\Ilona\Desktop\images1.jpg
[2012.06.28 23:52:35 | 000,015,036 | -H-- | M] () -- C:\Users\Ilona\Documents\Nothing gonna change my love for.odt
[2012.06.24 21:11:47 | 000,012,759 | -H-- | M] () -- C:\Users\Ilona\Documents\dankeschön give away.odt
[2012.06.24 19:12:20 | 000,015,498 | -H-- | M] () -- C:\Users\Ilona\Documents\Give away.odt
[2012.06.21 20:45:43 | 000,010,041 | -H-- | M] () -- C:\Users\Ilona\Documents\laura sophia.odt
[2012.06.16 21:42:59 | 000,062,219 | -H-- | M] () -- C:\Users\Ilona\Documents\EinladungSchule1.xcf
[2012.06.16 21:42:59 | 000,014,165 | -H-- | M] () -- C:\Users\Ilona\AppData\Local\recently-used.xbel
[2012.06.16 21:41:52 | 000,073,006 | -H-- | M] () -- C:\Users\Ilona\Documents\Einladung Schule.xcf
[2012.06.16 20:13:44 | 000,062,219 | -H-- | M] () -- C:\Users\Ilona\Documents\Schule.xcf
[2012.06.14 11:08:06 | 000,378,456 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.06.13 20:26:40 | 000,033,679 | -H-- | M] () -- C:\Users\Ilona\Documents\Zahnfeebrief Shayna.odt
[2012.06.13 20:19:06 | 000,045,415 | -H-- | M] () -- C:\Users\Ilona\Desktop\2180585-5531-.jpg
[2012.06.13 19:51:26 | 000,024,040 | -H-- | M] () -- C:\Users\Ilona\Documents\briefpapier-design-13.pdf
[2012.06.13 19:41:54 | 000,006,529 | -H-- | M] () -- C:\Users\Ilona\Desktop\imagesfee.jpg
[2012.06.13 19:41:53 | 000,020,600 | -H-- | M] () -- C:\Users\Ilona\Desktop\1303807008-497.jpg
[2012.06.08 16:18:38 | 000,016,138 | -H-- | M] () -- C:\Users\Ilona\Documents\Adressen Hochzeit.odt
[2012.06.08 14:06:26 | 000,019,550 | ---- | M] () -- C:\windows\hpqins13.dat
[2012.06.08 14:02:42 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012.06.06 18:52:04 | 000,012,739 | -H-- | M] () -- C:\Users\Ilona\Documents\für die freudentränen.odt

========== Files Created - No Company Name ==========

[2012.07.03 14:21:43 | 000,000,000 | -H-- | C] () -- C:\Users\Ilona\defogger_reenable
[2012.07.03 14:20:31 | 000,050,477 | -H-- | C] () -- C:\Users\Ilona\Desktop\Defogger.exe
[2012.07.03 14:00:12 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.03 14:00:12 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.07.03 14:00:12 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.03 14:00:12 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk
[2012.07.03 14:00:12 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Open Office.lnk
[2012.07.03 14:00:12 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\schobuk.lnk
[2012.07.03 14:00:12 | 000,000,582 | ---- | C] () -- C:\Users\Public\Desktop\PDFZilla.lnk
[2012.07.03 14:00:11 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk
[2012.07.03 14:00:11 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012.07.03 14:00:11 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Internet Stick.lnk
[2012.07.03 14:00:11 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\capella reader.lnk
[2012.07.03 14:00:11 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\ASUS Vibe Fun Center.lnk
[2012.07.03 14:00:11 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.03 14:00:11 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Scribe 3.2.lnk
[2012.07.03 14:00:11 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2012.07.03 14:00:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 14:00:11 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2012.07.03 14:00:11 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2012.07.03 14:00:11 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Comic Life.lnk
[2012.07.03 14:00:10 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.07.03 14:00:10 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.07.03 14:00:10 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.07.03 14:00:10 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.07.03 14:00:10 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.07.03 14:00:10 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.07.03 14:00:09 | 000,002,228 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
[2012.07.03 14:00:09 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.07.03 14:00:08 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012.07.03 14:00:08 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2012.07.03 14:00:08 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.07.03 14:00:05 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2012.07.03 14:00:05 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.03 14:00:04 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012.07.03 14:00:03 | 000,001,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.07.03 14:00:02 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock.lnk
[2012.07.03 13:59:59 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.07.03 13:59:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.07.03 13:59:57 | 000,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012.07.02 23:21:07 | 000,000,136 | -H-- | C] () -- C:\ProgramData\-McCBw5c66nSc0Cr
[2012.07.02 23:21:07 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-McCBw5c66nSc0C
[2012.07.02 23:20:54 | 000,000,256 | -H-- | C] () -- C:\ProgramData\McCBw5c66nSc0C
[2012.07.02 23:20:37 | 000,254,712 | -H-- | C] () -- C:\ProgramData\McCBw5c66nSc0C.exe
[2012.07.02 23:09:09 | 000,346,360 | -H-- | C] () -- C:\ProgramData\biiWPEJPdbnXvw.exe
[2012.07.02 23:03:52 | 000,106,174 | -H-- | C] () -- C:\Users\Ilona\Desktop\227502218645986791_1tV3JNq3_c.jpg
[2012.07.02 23:03:27 | 000,091,091 | -H-- | C] () -- C:\Users\Ilona\Desktop\267330927850546803_GlGpOpP3_c.jpg
[2012.07.02 23:02:49 | 000,026,551 | -H-- | C] () -- C:\Users\Ilona\Desktop\175921929163917745_MoQz17bn_c.jpg
[2012.06.30 22:12:49 | 000,729,371 | -H-- | C] () -- C:\Users\Ilona\Desktop\index1.png
[2012.06.30 22:12:29 | 000,729,371 | -H-- | C] () -- C:\Users\Ilona\Desktop\index.png
[2012.06.30 22:01:53 | 000,004,427 | -H-- | C] () -- C:\Users\Ilona\Desktop\images1.jpg
[2012.06.28 23:52:35 | 000,015,036 | -H-- | C] () -- C:\Users\Ilona\Documents\Nothing gonna change my love for.odt
[2012.06.24 21:11:43 | 000,012,759 | -H-- | C] () -- C:\Users\Ilona\Documents\dankeschön give away.odt
[2012.06.24 19:12:17 | 000,015,498 | -H-- | C] () -- C:\Users\Ilona\Documents\Give away.odt
[2012.06.21 20:45:43 | 000,010,041 | -H-- | C] () -- C:\Users\Ilona\Documents\laura sophia.odt
[2012.06.16 21:42:59 | 000,062,219 | -H-- | C] () -- C:\Users\Ilona\Documents\EinladungSchule1.xcf
[2012.06.16 21:42:59 | 000,014,165 | -H-- | C] () -- C:\Users\Ilona\AppData\Local\recently-used.xbel
[2012.06.16 21:41:52 | 000,073,006 | -H-- | C] () -- C:\Users\Ilona\Documents\Einladung Schule.xcf
[2012.06.16 19:26:57 | 000,062,219 | -H-- | C] () -- C:\Users\Ilona\Documents\Schule.xcf
[2012.06.13 20:26:37 | 000,033,679 | -H-- | C] () -- C:\Users\Ilona\Documents\Zahnfeebrief Shayna.odt
[2012.06.13 20:18:56 | 000,045,415 | -H-- | C] () -- C:\Users\Ilona\Desktop\2180585-5531-.jpg
[2012.06.13 19:51:26 | 000,024,040 | -H-- | C] () -- C:\Users\Ilona\Documents\briefpapier-design-13.pdf
[2012.06.13 19:41:18 | 000,020,600 | -H-- | C] () -- C:\Users\Ilona\Desktop\1303807008-497.jpg
[2012.06.13 19:39:43 | 000,006,529 | -H-- | C] () -- C:\Users\Ilona\Desktop\imagesfee.jpg
[2012.06.08 16:18:35 | 000,016,138 | -H-- | C] () -- C:\Users\Ilona\Documents\Adressen Hochzeit.odt
[2012.06.08 13:59:44 | 000,019,550 | ---- | C] () -- C:\windows\hpqins13.dat
[2012.06.06 18:52:01 | 000,012,739 | -H-- | C] () -- C:\Users\Ilona\Documents\für die freudentränen.odt
[2012.04.13 22:58:02 | 000,014,626 | -H-- | C] () -- C:\Users\Ilona\gottes_liebe_ist_so_wunderbar.gif
[2012.04.13 19:41:02 | 000,520,854 | -H-- | C] () -- C:\Users\Ilona\gottes_liebe_ist_so_wunderbar.bmp
[2012.04.08 22:43:42 | 005,672,968 | -H-- | C] () -- C:\Users\Ilona\Ilona 1.cl2arc
[2012.04.08 21:07:22 | 000,000,008 | RHS- | C] () -- C:\ProgramData\sysqcl1129067056.dat
[2012.04.08 19:39:32 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2012.02.21 19:45:37 | 001,760,975 | -H-- | C] () -- C:\Users\Ilona\DSC05109.JPG
[2012.02.21 19:45:31 | 001,786,838 | -H-- | C] () -- C:\Users\Ilona\DSC05108.JPG
[2012.02.21 19:44:32 | 001,751,685 | -H-- | C] () -- C:\Users\Ilona\DSC05092.JPG
[2012.02.21 19:43:55 | 001,313,529 | -H-- | C] () -- C:\Users\Ilona\DSC05086.JPG
[2011.02.17 21:51:59 | 000,000,090 | -H-- | C] () -- C:\Users\Ilona\AppData\Roaming\wklnhst.dat
[2010.12.06 21:09:11 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010.12.06 21:04:58 | 000,044,184 | ---- | C] () -- C:\windows\System32\drivers\fsbts.sys
[2010.12.06 04:36:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.07 00:49:56 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2012.04.22 12:15:51 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\ALDITALKVerbindungsassistent
[2010.12.16 03:54:05 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Ambient Design
[2011.01.11 17:58:22 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Asus
[2012.05.30 16:16:52 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Asus WebStorage
[2010.12.16 04:20:52 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Bamboo Explore
[2012.04.08 21:07:22 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\CocotronLibrary
[2010.01.08 00:43:29 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\E-Cam
[2011.01.30 11:35:32 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\fotobuch.de AG
[2010.12.10 14:50:06 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\GoBoingo
[2011.11.11 23:05:28 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\ICQ
[2010.12.10 14:24:46 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\OpenOffice.org
[2012.06.23 22:04:16 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\SimpleScreenshot
[2011.02.17 21:52:56 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Template
[2010.12.22 19:39:43 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Thunderbird
[2012.03.17 16:48:04 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Verbindungsassistent
[2010.12.24 21:27:04 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Vision Objects
[2010.12.22 16:04:29 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Wacom
[2010.12.22 16:04:32 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011.01.27 19:48:25 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Windows Live Writer
[2012.01.21 12:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\YCanPDF
[2012.06.06 15:14:27 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.12.05 04:48:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.06 21:01:43 | 000,000,000 | -H-D | M] -- C:\0ae4c7654572ab26c33bdd
[2010.12.06 21:37:04 | 000,000,000 | -H-D | M] -- C:\0c53facb9bd109a79676cc34a3
[2012.05.30 19:56:51 | 000,000,000 | -H-D | M] -- C:\AsusVibeData
[2011.05.20 16:02:33 | 000,000,000 | -HSD | M] -- C:\aws
[2011.09.07 14:17:08 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.06.09 21:17:02 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.01.06 23:39:18 | 000,000,000 | -H-D | M] -- C:\Intel
[2012.01.21 12:49:14 | 000,000,000 | -H-D | M] -- C:\output
[2012.01.21 12:39:17 | 000,000,000 | -H-D | M] -- C:\PDFZilla
[2009.07.14 04:37:05 | 000,000,000 | -H-D | M] -- C:\PerfLogs
[2012.07.03 00:24:34 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.03 00:25:05 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.05 04:34:04 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.07.03 17:53:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.03 01:42:58 | 000,000,000 | -H-D | M] -- C:\TDSSKiller_Quarantine
[2012.01.21 12:47:40 | 000,000,000 | -H-D | M] -- C:\tmp
[2010.12.05 04:35:54 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.08 13:59:44 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | -H-- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Ilona\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | -H-- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Ilona\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Ilona\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Ilona\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTOR.SYS >
[2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) 
MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) 
MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- 
| M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Ilona\AppData\Local\Temp\RarSFX0\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Ilona\AppData\Local\Temp\RarSFX1\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Ilona\AppData\Local\Temp\RarSFX0\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- 
C:\Users\Ilona\AppData\Local\Temp\RarSFX1\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.07.03 14:21:43 | 000,000,000 | -H-- | M] () -- C:\Users\Ilona\defogger_reenable [2011.08.12 17:28:48 | 001,313,529 | -H-- | M] () -- C:\Users\Ilona\DSC05086.JPG [2011.08.12 17:33:28 | 001,751,685 | -H-- | M] () -- C:\Users\Ilona\DSC05092.JPG [2011.08.12 17:42:44 | 001,786,838 | -H-- | M] () -- C:\Users\Ilona\DSC05108.JPG [2011.08.15 15:10:30 | 001,760,975 | -H-- | M] () -- C:\Users\Ilona\DSC05109.JPG [2012.04.13 19:41:02 | 000,520,854 | -H-- | M] () -- C:\Users\Ilona\gottes_liebe_ist_so_wunderbar.bmp [2012.04.13 22:58:14 | 000,014,626 | -H-- | M] () -- C:\Users\Ilona\gottes_liebe_ist_so_wunderbar.gif [2012.04.10 23:15:53 | 005,672,968 | -H-- | M] () -- C:\Users\Ilona\Ilona 1.cl2arc [2012.07.03 17:52:46 | 003,145,728 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat [2012.07.03 17:52:46 | 000,262,144 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat.LOG1 [2010.12.05 04:35:58 | 000,000,000 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat.LOG2 [2010.12.05 04:49:57 | 000,065,536 | -HS- | M] () -- C:\Users\Ilona\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.12.05 04:49:57 | 000,524,288 | -HS- | M] () -- C:\Users\Ilona\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.12.05 04:49:57 | 000,524,288 | -HS- | M] () -- 
C:\Users\Ilona\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2012.04.29 14:33:24 | 000,065,536 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat{c657ac8b-91ee-11e1-a290-485b3918c266}.TM.blf [2012.04.29 14:33:24 | 000,524,288 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat{c657ac8b-91ee-11e1-a290-485b3918c266}.TMContainer00000000000000000001.regtrans-ms [2012.04.29 14:33:24 | 000,524,288 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat{c657ac8b-91ee-11e1-a290-485b3918c266}.TMContainer00000000000000000002.regtrans-ms [2009.07.14 06:53:59 | 000,000,020 | -HS- | M] () -- C:\Users\Ilona\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 714 bytes -> C:\windows\System32\drivers\uhbdhqse.sys:changelist @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:B623B5B8 < End of report > OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 03.07.2012 17:47:40 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Ilona\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,18 Mb Total Physical Memory | 334,18 Mb Available Physical Memory | 32,95% Memory free 2,16 Gb Paging File | 1,09 Gb Available in Paging File | 50,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 80,00 Gb Total Space | 45,82 Gb Free Space | 57,27% Space Free | Partition Type: NTFS Drive D: | 59,03 Gb Total Space | 20,56 Gb Free Space | 34,83% Space Free | Partition Type: NTFS Computer Name: ILONA-HOME | User Name: Ilona | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10959943-99F5-4AD6-9BE2-0C7CD1B25E48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1B1C5DCA-5117-44A1-9B4C-AA5A824392C1}" = lport=2869 | protocol=6 | dir=in | app=system | "{E1CDB643-714D-4812-99F8-B3C5E0E7E44C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FFFE1F60-ACB7-4979-AA6E-953D5571B2FE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B86C713-E501-4D9D-9E49-9BC7625C2F45}" = dir=in | app=c:\program files\itunes\itunes.exe | "{5A6A29F3-A6E6-4F83-920F-997755EDA69A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{6B46B372-2044-4E4D-B74D-3375EFCEB2B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6DDBBA77-9F12-403D-B85B-83187ADAC0CC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{B98F5269-F898-42CA-A8F0-9195848EA827}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BB04A5E9-D88B-4533-B389-57FD29C2AAA0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{C3806FF6-98BC-4965-A460-C4855EF95A69}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C43DA76F-5FD8-4203-BD2D-AD7453258ABA}" = protocol=6 | dir=in | app=c:\program 
files\bonjour\mdnsresponder.exe | "{C5D606E5-A701-49AE-9745-6025C7C6ACE3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{CAAE7137-BB42-41F3-A565-D8BE330EAF58}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{CB2B8C1D-A520-498A-BE3E-7177CFD38244}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{F1FF7E26-F7CE-4E4A-85A4-4B45B9BEDAC8}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam "{19862E4F-6080-47C8-A3AC-AF9F0D39F1AB}" = ArtRage 2 "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = 
Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EAB69C5-7763-4BB8-9D06-733292AA6E0C}" = Bing Bar "{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{592ED299-14EF-4C0E-93B4-B687CD5A2EBE}_is1" = posterXXL.de Bestellsoftware 4.60 "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92A781D2-E33C-4213-971E-62C0FAE83208}" = capella reader "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8405D99-9D76-4456-8752-87DA930CC3A3}" = Comic Life 2 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{BDC2421D-EB66-4F32-A588-F72E62EC4E94}" = EeeSplendid "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential 
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.9 "ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) "B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "Bamboo Dock" = Bamboo Dock 3.3 "Bamboo Explore" = Bamboo Explore "Bamboo Scribe LanguagePack de_DE 3.2_is1" = Bamboo Scribe LanguagePack de_DE 3.2 "Bamboo Scribe Wacom 3.2_is1" = Bamboo Scribe Wacom 3.2 "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "Designer 2.0_is1" = Designer 2.0 "Eee Docking_is1" = Eee Docking 3.6.0 "F-Secure Product 444" = Unitymedia Sicherheitspaket "GIMP-2_is1" = 
GIMP 2.8.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"ICQToolbar" = ICQ Toolbar
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDFZilla_is1" = PDFZilla V1.2.9
"Pen Tablet Driver" = Bamboo
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"schobuk_is1" = schobuk 2.0
"SimpleScreenshot" = SimpleScreenshot 1.40
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.1.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.05.2012 03:58:57 | Computer Name = Ilona-Home | Source = FSecure-FSecure-F-Secure Management Agent | ID = 103
Description = 1 2012-05-10 09:58:55+02:00 ILONA-HOME SYSTEM F-Secure Management Agent The incremental policy file (policy.ipf) was corrupted and a backup copy of it was successfully taken into use. Some local settings or statistics may have been lost.

Error - 10.05.2012 04:02:17 | Computer Name = Ilona-Home | Source = ESENT | ID = 467
Description = Windows (1924) Windows: Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index System_DateModified0 von Tabelle SystemIndex_0A ist beschädigt (0).

Error - 10.05.2012 04:02:17 | Computer Name = Ilona-Home | Source = Windows Search Service | ID = 7040
Description =

Error - 10.05.2012 04:02:17 | Computer Name = Ilona-Home | Source = Windows Search Service | ID = 7042
Description =

Error - 10.05.2012 16:26:21 | Computer Name = Ilona-Home | Source = TabletServicePen | ID = 1
Description =

Error - 16.05.2012 15:33:17 | Computer Name = Ilona-Home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\schobuk\delzip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\schobuk\delzip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 16.05.2012 15:34:57 | Computer Name = Ilona-Home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\posterxxl.de bestellsoftware\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\posterxxl.de bestellsoftware\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 18.05.2012 09:33:57 | Computer Name = Ilona-Home | Source = TabletServicePen | ID = 1
Description =

Error - 21.05.2012 15:17:34 | Computer Name = Ilona-Home | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error - 31.05.2012 08:52:40 | Computer Name = Ilona-Home | Source = TabletServicePen | ID = 1
Description =

[ System Events ]
Error - 20.10.2011 07:28:32 | Computer Name = Ilona-Home | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 25.10.2011 12:18:02 | Computer Name = Ilona-Home | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 26.10.2011 13:09:27 | Computer Name = Ilona-Home | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 26.10.2011 14:00:29 | Computer Name = Ilona-Home | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error - 26.10.2011 14:00:29 | Computer Name = Ilona-Home | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TouchServicePen erreicht.

Error - 26.10.2011 14:01:08 | Computer Name = Ilona-Home | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TouchServicePen erreicht.

Error - 30.10.2011 02:01:30 | Computer Name = Ilona-Home | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 30.10.2011 12:57:49 | Computer Name = Ilona-Home | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 01.11.2011 12:51:20 | Computer Name = Ilona-Home | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 02.11.2011 08:07:42 | Computer Name = Ilona-Home | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

< End of report >

Edited by LeveMak (03.07.2012 at 16:46) |
03.07.2012, 19:47 | #4 |
/// Malware-holic | Data Recovery, S.M.A.R.T Repair
hi
this script and any following scripts are only for this particular user. if you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [biiWPEJPdbnXvw.exe] C:\ProgramData\biiWPEJPdbnXvw.exe ()
[2012.07.02 23:21:05 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.07.02 23:28:11 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-McCBw5c66nSc0Cr
[2012.07.02 23:28:11 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-McCBw5c66nSc0C
[2012.07.02 23:28:04 | 000,000,256 | -H-- | M] () -- C:\ProgramData\McCBw5c66nSc0C
[2012.07.02 23:20:37 | 000,254,712 | -H-- | M] () -- C:\ProgramData\McCBw5c66nSc0C.exe
[2012.07.02 23:06:28 | 000,346,360 | -H-- | M] () -- C:\ProgramData\biiWPEJPdbnXvw.exe
:Files
:Commands
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
start in normal mode.
download unhide:
Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the + E key.
why was tdss killer used, where is the report? same goes for malwarebytes
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
03.07.2012, 20:10 | #5 |
| Data Recovery, S.M.A.R.T Repair
Unfortunately I can't tell you that, because my wife immediately went back to our *cough* computer expert *cough* neighbour. After he couldn't help her and I was back from work, I was left with the mess ;-( |
03.07.2012, 20:11 | #6 |
/// Malware-holic | Data Recovery, S.M.A.R.T Repair
then take a look on c: there is a tdss killer-date-version.txt there
03.07.2012, 20:31 | #7 |
| Data Recovery, S.M.A.R.T Repair
Yep, found it (last night, hmmmhhh)

01:37:12.0048 4328 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
01:37:21.0018 4328 ============================================================
01:37:21.0018 4328 Current date / time: 2012/07/03 01:37:21.0018
01:37:21.0018 4328 SystemInfo:
01:37:21.0018 4328
01:37:21.0018 4328 OS Version: 6.1.7601 ServicePack: 1.0
01:37:21.0018 4328 Product type: Workstation
01:37:21.0034 4328 ComputerName: ILONA-HOME
01:37:21.0034 4328 UserName: Ilona
01:37:21.0034 4328 Windows directory: C:\windows
01:37:21.0034 4328 System windows directory: C:\windows
01:37:21.0034 4328 Processor architecture: Intel x86
01:37:21.0034 4328 Number of processors: 2
01:37:21.0034 4328 Page size: 0x1000
01:37:21.0034 4328 Boot type: Normal boot
01:37:21.0034 4328 ============================================================
01:37:24.0637 4328 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:37:24.0793 4328 Drive \Device\Harddisk1\DR2 - Size: 0x7880000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:37:24.0793 4328 ============================================================
01:37:24.0793 4328 \Device\Harddisk0\DR0:
01:37:24.0793 4328 MBR partitions:
01:37:24.0793 4328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x9FFF800
01:37:24.0793 4328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA000000, BlocksNum 0x7610000
01:37:24.0793 4328 \Device\Harddisk1\DR2:
01:37:24.0793 4328 MBR partitions:
01:37:24.0793 4328 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3C3E0
01:37:24.0793 4328 ============================================================
01:37:24.0965 4328 C: <-> \Device\Harddisk0\DR0\Partition0
01:37:25.0183 4328 D: <-> \Device\Harddisk0\DR0\Partition1
2500 NdisCap - ok 01:38:38.0098 2500 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys 01:38:38.0113 2500 NdisTapi - ok 01:38:38.0238 2500 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys 01:38:38.0238 2500 Ndisuio - ok 01:38:38.0332 2500 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys 01:38:38.0347 2500 NdisWan - ok 01:38:38.0425 2500 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys 01:38:38.0425 2500 NDProxy - ok 01:38:38.0769 2500 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll 01:38:38.0800 2500 Net Driver HPZ12 - ok 01:38:39.0143 2500 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 01:38:39.0190 2500 NetBIOS - ok 01:38:39.0330 2500 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys 01:38:39.0346 2500 NetBT - ok 01:38:39.0564 2500 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 01:38:39.0580 2500 Netlogon - ok 01:38:40.0204 2500 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll 01:38:40.0251 2500 Netman - ok 01:38:40.0750 2500 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll 01:38:40.0797 2500 netprofm - ok 01:38:41.0124 2500 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 01:38:41.0140 2500 NetTcpPortSharing - ok 01:38:41.0280 2500 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 01:38:41.0296 2500 nfrd960 - ok 01:38:42.0138 2500 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll 01:38:42.0185 2500 NlaSvc - ok 01:38:42.0419 2500 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 01:38:42.0450 2500 Npfs - ok 01:38:42.0606 2500 nsi (ba387e955e890c8a88306d9b8d06bf17) 
C:\windows\system32\nsisvc.dll 01:38:42.0669 2500 nsi - ok 01:38:42.0825 2500 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 01:38:42.0840 2500 nsiproxy - ok 01:38:45.0321 2500 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys 01:38:45.0399 2500 Ntfs - ok 01:38:46.0896 2500 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 01:38:46.0896 2500 Null - ok 01:38:47.0115 2500 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys 01:38:47.0162 2500 nvraid - ok 01:38:47.0988 2500 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys 01:38:48.0004 2500 nvstor - ok 01:38:48.0113 2500 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys 01:38:48.0129 2500 nv_agp - ok 01:38:48.0285 2500 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys 01:38:48.0300 2500 ohci1394 - ok 01:38:48.0441 2500 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 01:38:48.0472 2500 p2pimsvc - ok 01:38:48.0675 2500 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll 01:38:48.0706 2500 p2psvc - ok 01:38:48.0862 2500 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 01:38:48.0893 2500 Parport - ok 01:38:49.0314 2500 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys 01:38:49.0346 2500 partmgr - ok 01:38:49.0455 2500 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 01:38:49.0470 2500 Parvdm - ok 01:38:49.0595 2500 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll 01:38:49.0626 2500 PcaSvc - ok 01:38:49.0876 2500 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys 01:38:49.0923 2500 pci - ok 01:38:50.0094 2500 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys 01:38:50.0094 2500 pciide - 
ok 01:38:50.0282 2500 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 01:38:50.0313 2500 pcmcia - ok 01:38:50.0453 2500 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 01:38:50.0469 2500 pcw - ok 01:38:50.0640 2500 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 01:38:50.0656 2500 PEAUTH - ok 01:38:51.0015 2500 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll 01:38:51.0062 2500 pla - ok 01:38:51.0576 2500 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll 01:38:51.0592 2500 PlugPlay - ok 01:38:51.0732 2500 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll 01:38:51.0732 2500 Pml Driver HPZ12 - ok 01:38:51.0779 2500 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll 01:38:51.0795 2500 PNRPAutoReg - ok 01:38:52.0263 2500 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 01:38:52.0278 2500 PNRPsvc - ok 01:38:52.0700 2500 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll 01:38:52.0731 2500 PolicyAgent - ok 01:38:52.0934 2500 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll 01:38:52.0949 2500 Power - ok 01:38:53.0729 2500 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 01:38:53.0760 2500 PptpMiniport - ok 01:38:54.0275 2500 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 01:38:54.0338 2500 Processor - ok 01:38:54.0556 2500 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll 01:38:54.0603 2500 ProfSvc - ok 01:38:54.0852 2500 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 01:38:54.0868 2500 ProtectedStorage - ok 01:38:55.0024 2500 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 01:38:55.0024 2500 Psched - ok 01:38:57.0941 2500 ql2300 
(ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 01:38:58.0019 2500 ql2300 - ok 01:38:59.0922 2500 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 01:38:59.0938 2500 ql40xx - ok 01:39:00.0890 2500 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll 01:39:00.0921 2500 QWAVE - ok 01:39:01.0092 2500 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 01:39:01.0108 2500 QWAVEdrv - ok 01:39:01.0202 2500 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 01:39:01.0248 2500 RasAcd - ok 01:39:01.0872 2500 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 01:39:01.0904 2500 RasAgileVpn - ok 01:39:02.0013 2500 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll 01:39:02.0028 2500 RasAuto - ok 01:39:02.0106 2500 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 01:39:02.0106 2500 Rasl2tp - ok 01:39:02.0231 2500 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll 01:39:02.0247 2500 RasMan - ok 01:39:02.0465 2500 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 01:39:02.0496 2500 RasPppoe - ok 01:39:02.0574 2500 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 01:39:02.0574 2500 RasSstp - ok 01:39:02.0699 2500 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys 01:39:02.0715 2500 rdbss - ok 01:39:02.0886 2500 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 01:39:02.0918 2500 rdpbus - ok 01:39:03.0074 2500 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys 01:39:03.0089 2500 RDPCDD - ok 01:39:03.0214 2500 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 01:39:03.0604 2500 RDPENCDD - ok 01:39:03.0729 2500 RDPREFMP 
(44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 01:39:03.0729 2500 RDPREFMP - ok 01:39:04.0056 2500 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys 01:39:04.0072 2500 RDPWD - ok 01:39:05.0320 2500 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys 01:39:05.0570 2500 rdyboost - ok 01:39:06.0022 2500 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll 01:39:06.0069 2500 RemoteAccess - ok 01:39:06.0584 2500 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll 01:39:06.0646 2500 RemoteRegistry - ok 01:39:07.0083 2500 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys 01:39:07.0130 2500 RFCOMM - ok 01:39:07.0332 2500 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll 01:39:07.0348 2500 RpcEptMapper - ok 01:39:07.0395 2500 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe 01:39:07.0410 2500 RpcLocator - ok 01:39:07.0551 2500 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 01:39:07.0566 2500 RpcSs - ok 01:39:07.0816 2500 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 01:39:07.0847 2500 rspndr - ok 01:39:07.0956 2500 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 01:39:07.0956 2500 SamSs - ok 01:39:08.0159 2500 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys 01:39:08.0175 2500 sbp2port - ok 01:39:08.0518 2500 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll 01:39:08.0565 2500 SCardSvr - ok 01:39:08.0814 2500 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys 01:39:08.0846 2500 scfilter - ok 01:39:09.0236 2500 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll 01:39:09.0392 2500 Schedule - ok 01:39:09.0672 2500 SCPolicySvc 
(319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 01:39:09.0688 2500 SCPolicySvc - ok 01:39:10.0094 2500 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll 01:39:10.0156 2500 SDRSVC - ok 01:39:10.0328 2500 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 01:39:10.0359 2500 secdrv - ok 01:39:10.0484 2500 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll 01:39:10.0499 2500 seclogon - ok 01:39:10.0733 2500 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll 01:39:10.0780 2500 SENS - ok 01:39:10.0952 2500 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 01:39:10.0983 2500 Serenum - ok 01:39:11.0700 2500 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 01:39:11.0810 2500 Serial - ok 01:39:12.0059 2500 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 01:39:12.0106 2500 sermouse - ok 01:39:12.0324 2500 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll 01:39:12.0340 2500 SessionEnv - ok 01:39:12.0465 2500 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys 01:39:12.0465 2500 sffdisk - ok 01:39:12.0574 2500 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys 01:39:12.0590 2500 sffp_mmc - ok 01:39:12.0714 2500 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys 01:39:12.0714 2500 sffp_sd - ok 01:39:12.0839 2500 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys 01:39:12.0855 2500 sfloppy - ok 01:39:12.0995 2500 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll 01:39:13.0011 2500 SharedAccess - ok 01:39:13.0167 2500 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll 01:39:13.0182 2500 ShellHWDetection - ok 01:39:13.0713 2500 sisagp 
(2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys 01:39:13.0775 2500 sisagp - ok 01:39:14.0118 2500 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys 01:39:14.0165 2500 SiSRaid2 - ok 01:39:14.0789 2500 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys 01:39:14.0820 2500 SiSRaid4 - ok 01:39:15.0554 2500 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 01:39:15.0632 2500 Smb - ok 01:39:15.0928 2500 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe 01:39:15.0990 2500 SNMPTRAP - ok 01:39:16.0162 2500 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 01:39:16.0193 2500 spldr - ok 01:39:17.0145 2500 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe 01:39:17.0207 2500 Spooler - ok 01:39:20.0561 2500 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe 01:39:20.0748 2500 sppsvc - ok 01:39:21.0092 2500 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll 01:39:21.0107 2500 sppuinotify - ok 01:39:21.0591 2500 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys 01:39:21.0606 2500 srv - ok 01:39:22.0074 2500 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys 01:39:22.0106 2500 srv2 - ok 01:39:22.0558 2500 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys 01:39:22.0574 2500 srvnet - ok 01:39:23.0026 2500 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll 01:39:23.0057 2500 SSDPSRV - ok 01:39:23.0572 2500 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll 01:39:23.0588 2500 SstpSvc - ok 01:39:23.0712 2500 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 01:39:23.0728 2500 stexstor - ok 01:39:24.0118 2500 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) 
C:\windows\System32\wiaservc.dll 01:39:24.0227 2500 StiSvc - ok 01:39:24.0414 2500 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys 01:39:24.0414 2500 swenum - ok 01:39:24.0960 2500 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll 01:39:25.0023 2500 swprv - ok 01:39:26.0271 2500 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys 01:39:26.0318 2500 SynTP - ok 01:39:28.0548 2500 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll 01:39:28.0736 2500 SysMain - ok 01:39:28.0970 2500 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll 01:39:29.0016 2500 TabletInputService - ok 01:39:36.0551 2500 TabletServicePen (9f363b982c04392f248f4a5f4a154f06) C:\Program Files\Tablet\Pen\Pen_Tablet.exe 01:39:36.0910 2500 TabletServicePen - ok 01:39:38.0564 2500 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll 01:39:38.0610 2500 TapiSrv - ok 01:39:38.0688 2500 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll 01:39:38.0704 2500 TBS - ok 01:39:39.0484 2500 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys 01:39:39.0609 2500 Tcpip - ok 01:39:42.0027 2500 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys 01:39:42.0058 2500 TCPIP6 - ok 01:39:42.0557 2500 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys 01:39:42.0557 2500 tcpipreg - ok 01:39:42.0807 2500 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys 01:39:42.0854 2500 TDPIPE - ok 01:39:43.0025 2500 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys 01:39:43.0056 2500 TDTCP - ok 01:39:43.0134 2500 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys 01:39:43.0150 2500 tdx - ok 01:39:43.0353 2500 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys 
01:39:43.0368 2500 TermDD - ok 01:39:46.0348 2500 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll 01:39:46.0473 2500 TermService - ok 01:39:46.0551 2500 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll 01:39:46.0566 2500 Themes - ok 01:39:46.0660 2500 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll 01:39:46.0676 2500 THREADORDER - ok 01:39:47.0081 2500 TouchServicePen (cfcdf560eb5a804cd3493b4e03a928ba) C:\Program Files\Tablet\Pen\Pen_TouchService.exe 01:39:47.0128 2500 TouchServicePen - ok 01:39:47.0331 2500 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll 01:39:47.0346 2500 TrkWks - ok 01:39:47.0518 2500 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe 01:39:47.0549 2500 TrustedInstaller - ok 01:39:47.0705 2500 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys 01:39:47.0736 2500 tssecsrv - ok 01:39:48.0080 2500 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys 01:39:48.0111 2500 TsUsbFlt - ok 01:39:48.0423 2500 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys 01:39:48.0423 2500 tunnel - ok 01:39:49.0125 2500 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 01:39:49.0172 2500 uagp35 - ok 01:39:50.0014 2500 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys 01:39:50.0061 2500 udfs - ok 01:39:50.0154 2500 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe 01:39:50.0154 2500 UI0Detect - ok 01:39:50.0217 2500 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys 01:39:50.0217 2500 uliagpkx - ok 01:39:50.0357 2500 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys 01:39:50.0357 2500 umbus - ok 01:39:50.0482 2500 UmPass (7550ad0c6998ba1cb4843e920ee0feac) 
C:\windows\system32\DRIVERS\umpass.sys 01:39:50.0498 2500 UmPass - ok 01:39:50.0622 2500 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll 01:39:50.0654 2500 upnphost - ok 01:39:50.0778 2500 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\windows\system32\Drivers\usbaapl.sys 01:39:50.0794 2500 USBAAPL - ok 01:39:50.0934 2500 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys 01:39:50.0950 2500 usbccgp - ok 01:39:51.0122 2500 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys 01:39:51.0137 2500 usbcir - ok 01:39:51.0246 2500 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys 01:39:51.0246 2500 usbehci - ok 01:39:51.0340 2500 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys 01:39:51.0340 2500 usbhub - ok 01:39:51.0402 2500 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys 01:39:51.0402 2500 usbohci - ok 01:39:51.0480 2500 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 01:39:51.0496 2500 usbprint - ok 01:39:51.0543 2500 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys 01:39:51.0558 2500 usbscan - ok 01:39:51.0605 2500 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS 01:39:51.0621 2500 USBSTOR - ok 01:39:51.0683 2500 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys 01:39:51.0683 2500 usbuhci - ok 01:39:51.0808 2500 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys 01:39:51.0808 2500 usbvideo - ok 01:39:51.0902 2500 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll 01:39:51.0917 2500 UxSms - ok 01:39:51.0980 2500 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 01:39:51.0980 2500 VaultSvc - ok 01:39:52.0042 2500 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) 
C:\windows\system32\drivers\vdrvroot.sys 01:39:52.0058 2500 vdrvroot - ok 01:39:52.0229 2500 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe 01:39:52.0260 2500 vds - ok 01:39:52.0416 2500 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 01:39:52.0416 2500 vga - ok 01:39:52.0510 2500 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 01:39:52.0510 2500 VgaSave - ok 01:39:52.0650 2500 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys 01:39:52.0666 2500 vhdmp - ok 01:39:52.0775 2500 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys 01:39:52.0775 2500 viaagp - ok 01:39:52.0853 2500 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 01:39:52.0869 2500 ViaC7 - ok 01:39:52.0916 2500 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys 01:39:52.0916 2500 viaide - ok 01:39:53.0056 2500 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys 01:39:53.0103 2500 volmgr - ok 01:39:53.0259 2500 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 01:39:53.0274 2500 volmgrx - ok 01:39:53.0368 2500 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys 01:39:53.0384 2500 volsnap - ok 01:39:53.0540 2500 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 01:39:53.0555 2500 vsmraid - ok 01:39:53.0789 2500 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe 01:39:53.0836 2500 VSS - ok 01:39:53.0914 2500 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 01:39:53.0914 2500 vwifibus - ok 01:39:53.0961 2500 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 01:39:53.0976 2500 vwififlt - ok 01:39:54.0117 2500 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll 01:39:54.0148 2500 
W32Time - ok 01:39:54.0351 2500 wacmoumonitor (026d58e9d7701f6b26b0b499f1705334) C:\windows\system32\DRIVERS\wacmoumonitor.sys 01:39:54.0398 2500 wacmoumonitor - ok 01:39:54.0444 2500 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\windows\system32\DRIVERS\wacommousefilter.sys 01:39:54.0444 2500 wacommousefilter - ok 01:39:54.0507 2500 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 01:39:54.0522 2500 WacomPen - ok 01:39:54.0554 2500 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\windows\system32\DRIVERS\wacomvhid.sys 01:39:54.0569 2500 wacomvhid - ok 01:39:54.0616 2500 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 01:39:54.0632 2500 WANARP - ok 01:39:54.0647 2500 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 01:39:54.0647 2500 Wanarpv6 - ok 01:39:55.0068 2500 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe 01:39:55.0162 2500 wbengine - ok 01:39:55.0302 2500 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll 01:39:55.0334 2500 WbioSrvc - ok 01:39:55.0427 2500 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll 01:39:55.0443 2500 wcncsvc - ok 01:39:55.0505 2500 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll 01:39:55.0521 2500 WcsPlugInService - ok 01:39:55.0677 2500 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 01:39:55.0677 2500 Wd - ok 01:39:55.0848 2500 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 01:39:55.0864 2500 Wdf01000 - ok 01:39:55.0958 2500 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 01:39:55.0973 2500 WdiServiceHost - ok 01:39:56.0004 2500 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 01:39:56.0020 2500 WdiSystemHost - ok 01:39:56.0207 2500 WebClient (a9d880f97530d5b8fee278923349929d) 
C:\windows\System32\webclnt.dll 01:39:56.0270 2500 WebClient - ok 01:39:56.0379 2500 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll 01:39:56.0394 2500 Wecsvc - ok 01:39:56.0441 2500 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll 01:39:56.0441 2500 wercplsupport - ok 01:39:56.0488 2500 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll 01:39:56.0504 2500 WerSvc - ok 01:39:56.0691 2500 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 01:39:56.0691 2500 WfpLwf - ok 01:39:56.0722 2500 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 01:39:56.0738 2500 WIMMount - ok 01:39:57.0252 2500 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 01:39:57.0284 2500 WinDefend - ok 01:39:57.0299 2500 WinHttpAutoProxySvc - ok 01:39:57.0471 2500 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll 01:39:57.0471 2500 Winmgmt - ok 01:39:57.0845 2500 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll 01:39:57.0892 2500 WinRM - ok 01:39:58.0266 2500 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll 01:39:58.0298 2500 Wlansvc - ok 01:39:58.0750 2500 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 01:39:58.0781 2500 wlcrasvc - ok 01:39:59.0405 2500 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 01:39:59.0499 2500 wlidsvc - ok 01:40:00.0076 2500 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys 01:40:00.0092 2500 WmiAcpi - ok 01:40:00.0513 2500 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe 01:40:00.0544 2500 wmiApSrv - ok 01:40:00.0996 2500 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 01:40:01.0043 
01:40:05.0879 2500 MBR (0x1B8) (e6e5a9f732a9ee86c49321674587fed1) \Device\Harddisk0\DR0
01:40:05.0910 2500 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
01:40:05.0910 2500 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
01:40:05.0926 2500 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
01:40:05.0942 2500 \Device\Harddisk1\DR2 - ok
01:40:05.0988 2500 Boot (0x1200) (1941b9316f2ce72f35fa585453610801) \Device\Harddisk0\DR0\Partition0
01:40:05.0988 2500 \Device\Harddisk0\DR0\Partition0 - ok
01:40:06.0066 2500 Boot (0x1200) (45f483536ae83454c66affc567e1057d) \Device\Harddisk0\DR0\Partition1
01:40:06.0066 2500 \Device\Harddisk0\DR0\Partition1 - ok
01:40:06.0082 2500 Boot (0x1200) (5dba0415453e3b0f93d95ad52db6ac44) \Device\Harddisk1\DR2\Partition0
01:40:06.0082 2500 \Device\Harddisk1\DR2\Partition0 - ok
01:40:06.0082 2500 ============================================================
01:40:06.0082 2500 Scan finished
01:40:06.0082 2500 ============================================================
01:40:06.0144 3568 Detected object count: 1
01:40:06.0144 3568 Actual detected object count: 1
01:42:59.0040 3568 \Device\Harddisk0\DR0\# - copied to quarantine
01:42:59.0040 3568 \Device\Harddisk0\DR0 - copied to quarantine
01:43:01.0255 3568 \Device\Harddisk0\DR0 - processing error
01:43:07.0292 3568 \Device\Harddisk0\DR0 - will be restored on reboot
01:43:07.0308 3568 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
01:43:17.0167 4148 Deinitialize success
OTL Logfile:
Code:
OTL logfile created on: 03.07.2012 17:47:40 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Ilona\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,18 Mb Total Physical Memory | 334,18 Mb Available Physical Memory | 32,95% Memory free
2,16 Gb Paging File | 1,09 Gb Available in Paging File | 50,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 45,82 Gb Free Space | 57,27% Space Free | Partition Type: NTFS
Drive D: | 59,03 Gb Total Space | 20,56 Gb Free Space | 34,83% Space Free | Partition Type: NTFS
Computer Name: ILONA-HOME | User Name: Ilona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.07.03 14:25:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ilona\Desktop\OTL.exe
PRC - [2012.05.30 16:20:21 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fssm32.exe
PRC - [2012.05.30 16:20:19 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\FSGK32.EXE
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.364.0\SeaPort.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.08 11:06:00 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsav32.exe
PRC - [2011.10.04 13:33:38 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2011.09.13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
PRC - [2011.09.13 10:16:04 | 000,342,984 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2011.05.31 15:34:31 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.24 18:53:42 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\FWES\Program\fsdfwd.exe
PRC - [2010.12.20 18:12:55 | 000,330,696 | ---- | M] () -- C:\Program Files\Verbindungsassistent\wtgservice.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.13 23:26:12 | 004,302,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010.07.13 23:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010.07.13 23:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010.01.07 00:24:32 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.12.30 01:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
PRC - [2009.10.17 07:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009.09.11 21:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009.08.28 01:38:28 | 000,803,304 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2009.08.19 03:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009.08.12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009.08.05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE
PRC - [2009.08.05 17:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSM32.EXE
PRC - [2009.08.05 17:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSHDLL32.EXE
PRC - [2009.08.05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe
PRC - [2009.07.20 11:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009.06.05 05:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

========== Modules (No Company Name) ==========
MOD - [2011.10.04 13:33:38 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
MOD - [2011.09.13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
MOD - [2010.11.17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL
MOD - [2009.12.30 01:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
MOD - [2009.08.05 17:59:02 | 000,001,536 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSPC\fspcfsm.eng
MOD - [2009.08.05 17:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\unitymedia\sicherheitspaket\hips\fshook32.dll
MOD - [2009.08.05 17:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\strres.eng
MOD - [2009.08.05 17:56:56 | 000,920,160 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\gres.dll
MOD - [2009.08.05 17:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\flyerres.eng
MOD - [2009.08.05 17:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\fsavures.eng
MOD - [2009.08.05 17:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\about.dll
MOD - [2009.08.05 17:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\aboutres.dll

========== Win32 Services (SafeList) ==========
SRV - [2012.06.22 12:36:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.364.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.20 10:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.364.0\BBSvc.exe -- (BBSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.13 10:16:04 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2011.05.31 15:34:31 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010.12.24 18:53:42 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2010.12.20 18:12:55 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Verbindungsassistent\wtgservice.exe -- (WTGService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.07.13 23:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010.07.13 23:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2009.08.19 03:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.08.05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE -- (FSMA)
SRV - [2009.08.05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012.07.03 14:47:54 | 000,043,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\uhbdhqse.sys -- (uhbdhqse)
DRV - [2012.07.03 01:53:51 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.05.30 16:21:32 | 000,149,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012.05.10 10:04:38 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)
DRV - [2012.04.22 08:57:19 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012.04.22 08:57:19 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.04.22 08:57:19 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.12.24 18:55:21 | 000,073,160 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2010.12.24 18:54:04 | 000,036,792 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.05.19 23:52:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009.09.22 01:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.08.05 17:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009.08.05 17:56:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009.07.27 09:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009.07.20 11:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.06 04:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.07.01 06:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2007.02.16 21:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = ASUS Eee Family | Easy to Learn, Work and Play [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = ASUS Eee Family | Easy to Learn, Work and Play [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: searchpredict@speedbit.com:1.0.1.0
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ilona\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ilona\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Unitymedia\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.06.05 18:15:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2011.01.28 14:24:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2011.01.28 14:24:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.22 12:36:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.30 11:54:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.22 12:36:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.30 11:54:12 | 000,000,000 | ---D | M]
[2010.12.22 19:39:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ilona\AppData\Roaming\mozilla\Extensions
[2010.12.22 19:39:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ilona\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.29 11:40:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ilona\AppData\Roaming\mozilla\Firefox\Profiles\13ebfkj8.default\extensions
[2012.03.29 23:52:03 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Ilona\AppData\Roaming\mozilla\Firefox\Profiles\13ebfkj8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.30 20:23:00 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-1.xml
[2011.09.02 02:38:41 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-2.xml
[2011.09.08 13:09:45 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-3.xml
[2011.10.03 16:16:12 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-4.xml
[2011.11.13 11:07:14 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-5.xml
[2011.12.26 21:01:03 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-6.xml
[2012.02.03 17:54:58 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-7.xml
[2012.02.20 14:19:50 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-8.xml
[2012.02.23 23:53:40 | 000,000,950 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin-9.xml
[2011.06.19 21:15:16 | 000,001,056 | -H-- | M] () -- C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\13ebfkj8.default\searchplugins\icqplugin.xml
[2012.02.24 18:20:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.06.29 11:40:17 | 000,743,305 | -H-- | M] () (No name found) -- C:\USERS\ILONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13EBFKJ8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.22 12:36:55 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.07 21:21:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.07 21:21:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.07 21:21:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.07 21:21:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 21:21:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 21:21:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (Speedbit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe ()
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Unitymedia\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Unitymedia\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [biiWPEJPdbnXvw.exe] C:\ProgramData\biiWPEJPdbnXvw.exe ()
O4 - Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13E9E72E-1613-4435-835A-3581AEFA8EB7}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0bfd3d3d-1e9a-11e1-a8b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0bfd3d3d-1e9a-11e1-a8b0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0bfd3d54-1e9a-11e1-a8b0-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{0bfd3d54-1e9a-11e1-a8b0-485b3918c266}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0bfd3d64-1e9a-11e1-a8b0-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{0bfd3d64-1e9a-11e1-a8b0-485b3918c266}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0cf64326-0dda-11e0-af6d-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{0cf64326-0dda-11e0-af6d-485b3918c266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0cf6432b-0dda-11e0-af6d-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{0cf6432b-0dda-11e0-af6d-485b3918c266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2065968b-00d7-11e0-8249-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{2065968b-00d7-11e0-8249-485b3918c266}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2065968f-00d7-11e0-8249-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{2065968f-00d7-11e0-8249-485b3918c266}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ecf55d83-8c35-11e1-a6ca-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf55d83-8c35-11e1-a6ca-485b3918c266}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{ecf55d90-8c35-11e1-a6ca-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf55d90-8c35-11e1-a6ca-485b3918c266}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{ecf55da5-8c35-11e1-a6ca-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf55da5-8c35-11e1-a6ca-485b3918c266}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{ecf55db6-8c35-11e1-a6ca-485b3918c266}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf55db6-8c35-11e1-a6ca-485b3918c266}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - 
C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: BambooScribeAutoStart.vbe - hkey= - key= - C:\Program Files\Vision Objects\Bamboo Scribe\BambooScribeAutoStart.vbe () MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.03 14:28:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ilona\Desktop\OTL.exe [2012.07.03 14:05:46 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{72D580AA-308C-4DE9-860F-26E1FE7F23DA} [2012.07.03 13:35:25 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{AFA6F61B-5343-43C3-8D3D-C1030FA95864} [2012.07.03 01:53:51 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2012.07.03 01:42:58 | 000,000,000 | -H-D | C] -- C:\TDSSKiller_Quarantine [2012.07.03 00:25:48 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Roaming\Malwarebytes [2012.07.03 00:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.03 00:25:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2012.07.03 00:24:35 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012.07.03 00:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.02 23:21:05 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.07.02 16:45:16 | 000,000,000 | -H-D | C] -- 
C:\Users\Ilona\AppData\Local\{BABE367C-D948-4B8C-9262-E84F8C13B867} [2012.07.02 16:44:45 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{F289AB16-2A5C-416C-99A7-6EA5235CBA41} [2012.06.30 20:01:18 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{CCAF08BF-6DFF-45BB-8AE4-8484BC91DEB3} [2012.06.29 12:26:47 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{6A304200-0D27-4B43-B9CB-B56085BE90B2} [2012.06.29 12:26:33 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{2EA902FF-56C7-4387-9143-8698B41AEB10} [2012.06.29 11:41:44 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{D3F886DF-DC0B-40A9-91F2-03337C1A3599} [2012.06.28 23:25:43 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{E3DC5EFA-482B-49AE-BE5C-9CFA0C71BEB8} [2012.06.28 23:24:40 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{349597B7-3672-4064-AADB-5684042C57C4} [2012.06.27 14:44:25 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{1675F396-3C64-418D-98EC-ACE7D9A99D9E} [2012.06.27 14:44:08 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{7B5371BB-7B42-4626-9657-BE054BDF2556} [2012.06.25 11:15:08 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{6A067B8C-B646-48A3-AD04-5394533ECC15} [2012.06.25 11:14:52 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{108ECA9D-C128-43A8-ADE0-E8EEFCC602AF} [2012.06.24 18:05:18 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{F6190F3E-ACA5-466A-811C-A56C54171F69} [2012.06.24 18:04:39 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{A91A696E-0B3E-468C-B32B-F13FEBD924EE} [2012.06.23 15:33:32 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{F994D70F-2114-4650-862C-59043BACFA27} [2012.06.23 15:33:16 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{FB04F42E-B773-4146-9BD2-8D5EA0D438A8} [2012.06.23 15:28:46 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{450B2E71-01FA-4416-B69F-D6C1702DAEAC} [2012.06.22 12:36:11 | 000,000,000 | -H-D | 
C] -- C:\Users\Ilona\AppData\Local\{11FF019D-9A72-451D-858E-49DDEE8534C2} [2012.06.22 12:35:56 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{F534263D-FF69-4AA7-9C22-C22D042877D7} [2012.06.21 20:32:42 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{C2675C5B-FDC3-4E12-A2BD-9786023FF4F6} [2012.06.21 20:32:25 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{A109646C-0FCD-48C8-BB4C-EB28FFE976B0} [2012.06.19 09:34:41 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{581F549A-C5B8-4A85-AE93-725966EFD6CB} [2012.06.19 09:34:10 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{B0730C56-F1EC-4367-BA3F-42A0F5568215} [2012.06.18 11:08:01 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{D9339E4C-3C26-4EC3-848E-F90AA15C89A5} [2012.06.16 18:48:34 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{287A41C1-AC6A-4774-B0EF-F2545252AF36} [2012.06.15 08:02:53 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{B3B08B14-4916-48FB-AEA5-8DDE16EC5274} [2012.06.14 11:12:37 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{2CB7C0A9-42C5-473F-A3CF-DBF39B44C562} [2012.06.14 11:12:02 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{8945853F-3FC2-4336-8AE6-D972FBE9BA2E} [2012.06.14 10:03:08 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{7C7EEFF6-D564-4846-A353-1E27C6229BEB} [2012.06.14 10:02:53 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{595B5184-7674-4536-8D75-4677A2000E7B} [2012.06.13 09:40:48 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{BD6E58AE-B4BC-4384-8411-39768F62B50C} [2012.06.13 09:40:03 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{CD88B638-C417-4485-AEB0-7B5401701567} [2012.06.12 17:18:37 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{9FE6EC6A-C022-4BF2-9FB7-03C5992F5E9B} [2012.06.12 17:18:09 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{A8B126FB-A408-4F83-B03E-E30C0A2A0194} [2012.06.12 17:16:14 | 000,000,000 | 
-H-D | C] -- C:\Users\Ilona\AppData\Local\{93C19824-0F2A-4B01-B26B-53F90A088405} [2012.06.11 10:06:35 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{10850E1A-9766-46CC-95DF-EF89C48818CE} [2012.06.11 10:06:08 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{BE88980E-C39C-414B-9627-64E16EE510CC} [2012.06.08 14:06:30 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\HP [2012.06.08 14:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.06.08 14:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2012.06.08 14:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012.06.08 13:59:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\HP [2012.06.08 06:47:55 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{F67223B8-32E3-4963-90D8-CE7FDD4AB3D0} [2012.06.08 06:47:00 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{B27A6BF8-8B96-46C3-BE8E-79846F94789B} [2012.06.07 15:20:24 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{A66C70CD-127E-438B-B530-F4B40CC6A2ED} [2012.06.07 15:20:00 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{84C3388F-E8E9-426A-B379-0AB0F490C845} [2012.06.06 17:43:20 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{AA80E774-313D-4B1A-8BA2-9B1FC1689F47} [2012.06.06 17:43:08 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{140FEB41-E87C-482D-A1DC-8C8F42BCAC74} [2012.06.06 15:15:11 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{AF84AEFC-EC44-4101-9BDC-9F66F1BA3746} [2012.06.05 21:52:13 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{9EF485B0-3987-49D6-A9B7-C02702A544F7} [2012.06.05 21:51:58 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{14DED362-89A0-4B4B-891C-5043FE7A6177} [2012.06.05 18:14:29 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\.thumbnails [2012.06.05 18:06:19 | 000,000,000 | -H-D | C] -- C:\Users\Ilona\AppData\Local\{ADBED957-A0A1-4E6B-8307-57249FA80B3D} ========== Files 
- Modified Within 30 Days ========== [2012.07.03 17:13:03 | 000,001,120 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3598527403-3197133421-4079309968-1000UA.job [2012.07.03 14:27:12 | 000,002,363 | -H-- | M] () -- C:\Users\Ilona\Desktop\Google Chrome.lnk [2012.07.03 14:25:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ilona\Desktop\OTL.exe [2012.07.03 14:21:43 | 000,000,000 | -H-- | M] () -- C:\Users\Ilona\defogger_reenable [2012.07.03 14:16:35 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.03 14:16:35 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.03 14:10:46 | 000,050,477 | -H-- | M] () -- C:\Users\Ilona\Desktop\Defogger.exe [2012.07.03 14:02:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.07.03 14:02:27 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys [2012.07.03 01:53:51 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2012.07.03 01:35:34 | 002,075,184 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Ilona\Desktop\TDSSKiller.exe [2012.07.03 00:25:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.03 00:04:42 | 000,666,366 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.07.03 00:04:42 | 000,627,512 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.07.03 00:04:42 | 000,136,020 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.07.03 00:04:42 | 000,111,810 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.07.02 23:28:11 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-McCBw5c66nSc0Cr [2012.07.02 23:28:11 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-McCBw5c66nSc0C [2012.07.02 23:28:04 | 000,000,256 | -H-- | M] () -- C:\ProgramData\McCBw5c66nSc0C [2012.07.02 23:20:37 | 000,254,712 | -H-- | M] () -- 
C:\ProgramData\McCBw5c66nSc0C.exe [2012.07.02 23:06:28 | 000,346,360 | -H-- | M] () -- C:\ProgramData\biiWPEJPdbnXvw.exe [2012.07.02 23:03:53 | 000,106,174 | -H-- | M] () -- C:\Users\Ilona\Desktop\227502218645986791_1tV3JNq3_c.jpg [2012.07.02 23:03:28 | 000,091,091 | -H-- | M] () -- C:\Users\Ilona\Desktop\267330927850546803_GlGpOpP3_c.jpg [2012.07.02 23:03:07 | 000,026,551 | -H-- | M] () -- C:\Users\Ilona\Desktop\175921929163917745_MoQz17bn_c.jpg [2012.07.02 20:13:07 | 000,001,068 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3598527403-3197133421-4079309968-1000Core.job [2012.06.30 22:12:50 | 000,729,371 | -H-- | M] () -- C:\Users\Ilona\Desktop\index1.png [2012.06.30 22:12:32 | 000,729,371 | -H-- | M] () -- C:\Users\Ilona\Desktop\index.png [2012.06.30 22:02:14 | 000,004,427 | -H-- | M] () -- C:\Users\Ilona\Desktop\images1.jpg [2012.06.28 23:52:35 | 000,015,036 | -H-- | M] () -- C:\Users\Ilona\Documents\Nothing gonna change my love for.odt [2012.06.24 21:11:47 | 000,012,759 | -H-- | M] () -- C:\Users\Ilona\Documents\dankeschön give away.odt [2012.06.24 19:12:20 | 000,015,498 | -H-- | M] () -- C:\Users\Ilona\Documents\Give away.odt [2012.06.21 20:45:43 | 000,010,041 | -H-- | M] () -- C:\Users\Ilona\Documents\laura sophia.odt [2012.06.16 21:42:59 | 000,062,219 | -H-- | M] () -- C:\Users\Ilona\Documents\EinladungSchule1.xcf [2012.06.16 21:42:59 | 000,014,165 | -H-- | M] () -- C:\Users\Ilona\AppData\Local\recently-used.xbel [2012.06.16 21:41:52 | 000,073,006 | -H-- | M] () -- C:\Users\Ilona\Documents\Einladung Schule.xcf [2012.06.16 20:13:44 | 000,062,219 | -H-- | M] () -- C:\Users\Ilona\Documents\Schule.xcf [2012.06.14 11:08:06 | 000,378,456 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012.06.13 20:26:40 | 000,033,679 | -H-- | M] () -- C:\Users\Ilona\Documents\Zahnfeebrief Shayna.odt [2012.06.13 20:19:06 | 000,045,415 | -H-- | M] () -- C:\Users\Ilona\Desktop\2180585-5531-.jpg [2012.06.13 19:51:26 | 000,024,040 | -H-- | M] () -- 
C:\Users\Ilona\Documents\briefpapier-design-13.pdf [2012.06.13 19:41:54 | 000,006,529 | -H-- | M] () -- C:\Users\Ilona\Desktop\imagesfee.jpg [2012.06.13 19:41:53 | 000,020,600 | -H-- | M] () -- C:\Users\Ilona\Desktop\1303807008-497.jpg [2012.06.08 16:18:38 | 000,016,138 | -H-- | M] () -- C:\Users\Ilona\Documents\Adressen Hochzeit.odt [2012.06.08 14:06:26 | 000,019,550 | ---- | M] () -- C:\windows\hpqins13.dat [2012.06.08 14:02:42 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012.06.06 18:52:04 | 000,012,739 | -H-- | M] () -- C:\Users\Ilona\Documents\für die freudentränen.odt ========== Files Created - No Company Name ========== [2012.07.03 14:21:43 | 000,000,000 | -H-- | C] () -- C:\Users\Ilona\defogger_reenable [2012.07.03 14:20:31 | 000,050,477 | -H-- | C] () -- C:\Users\Ilona\Desktop\Defogger.exe [2012.07.03 14:00:12 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.03 14:00:12 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2012.07.03 14:00:12 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.03 14:00:12 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk [2012.07.03 14:00:12 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Open Office.lnk [2012.07.03 14:00:12 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\schobuk.lnk [2012.07.03 14:00:12 | 000,000,582 | ---- | C] () -- C:\Users\Public\Desktop\PDFZilla.lnk [2012.07.03 14:00:11 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk [2012.07.03 14:00:11 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012.07.03 14:00:11 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Internet Stick.lnk [2012.07.03 14:00:11 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\capella reader.lnk [2012.07.03 14:00:11 | 000,001,902 | ---- | C] () -- 
C:\Users\Public\Desktop\ASUS Vibe Fun Center.lnk [2012.07.03 14:00:11 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.07.03 14:00:11 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Scribe 3.2.lnk [2012.07.03 14:00:11 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk [2012.07.03 14:00:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.03 14:00:11 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk [2012.07.03 14:00:11 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer.lnk [2012.07.03 14:00:11 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Comic Life.lnk [2012.07.03 14:00:10 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012.07.03 14:00:10 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.07.03 14:00:10 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2012.07.03 14:00:10 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2012.07.03 14:00:10 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2012.07.03 14:00:10 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2012.07.03 14:00:09 | 000,002,228 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2012.07.03 14:00:09 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [2012.07.03 14:00:08 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012.07.03 14:00:08 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\AsusVibeLauncher.lnk [2012.07.03 14:00:08 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2012.07.03 14:00:05 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk [2012.07.03 14:00:05 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.07.03 14:00:04 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk [2012.07.03 14:00:03 | 000,001,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.07.03 14:00:02 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock.lnk [2012.07.03 13:59:59 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.07.03 13:59:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.07.03 13:59:57 | 000,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk [2012.07.02 23:21:07 | 000,000,136 | -H-- | C] () -- C:\ProgramData\-McCBw5c66nSc0Cr [2012.07.02 23:21:07 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-McCBw5c66nSc0C [2012.07.02 23:20:54 | 000,000,256 | -H-- | C] () -- C:\ProgramData\McCBw5c66nSc0C [2012.07.02 23:20:37 | 000,254,712 | -H-- | C] () -- C:\ProgramData\McCBw5c66nSc0C.exe [2012.07.02 23:09:09 | 000,346,360 | -H-- | C] () -- C:\ProgramData\biiWPEJPdbnXvw.exe [2012.07.02 23:03:52 | 000,106,174 | -H-- | C] () -- C:\Users\Ilona\Desktop\227502218645986791_1tV3JNq3_c.jpg [2012.07.02 23:03:27 | 000,091,091 | -H-- | C] () -- C:\Users\Ilona\Desktop\267330927850546803_GlGpOpP3_c.jpg [2012.07.02 23:02:49 | 000,026,551 | -H-- | C] () -- C:\Users\Ilona\Desktop\175921929163917745_MoQz17bn_c.jpg [2012.06.30 22:12:49 | 000,729,371 | -H-- | C] () -- 
C:\Users\Ilona\Desktop\index1.png [2012.06.30 22:12:29 | 000,729,371 | -H-- | C] () -- C:\Users\Ilona\Desktop\index.png [2012.06.30 22:01:53 | 000,004,427 | -H-- | C] () -- C:\Users\Ilona\Desktop\images1.jpg [2012.06.28 23:52:35 | 000,015,036 | -H-- | C] () -- C:\Users\Ilona\Documents\Nothing gonna change my love for.odt [2012.06.24 21:11:43 | 000,012,759 | -H-- | C] () -- C:\Users\Ilona\Documents\dankeschön give away.odt [2012.06.24 19:12:17 | 000,015,498 | -H-- | C] () -- C:\Users\Ilona\Documents\Give away.odt [2012.06.21 20:45:43 | 000,010,041 | -H-- | C] () -- C:\Users\Ilona\Documents\laura sophia.odt [2012.06.16 21:42:59 | 000,062,219 | -H-- | C] () -- C:\Users\Ilona\Documents\EinladungSchule1.xcf [2012.06.16 21:42:59 | 000,014,165 | -H-- | C] () -- C:\Users\Ilona\AppData\Local\recently-used.xbel [2012.06.16 21:41:52 | 000,073,006 | -H-- | C] () -- C:\Users\Ilona\Documents\Einladung Schule.xcf [2012.06.16 19:26:57 | 000,062,219 | -H-- | C] () -- C:\Users\Ilona\Documents\Schule.xcf [2012.06.13 20:26:37 | 000,033,679 | -H-- | C] () -- C:\Users\Ilona\Documents\Zahnfeebrief Shayna.odt [2012.06.13 20:18:56 | 000,045,415 | -H-- | C] () -- C:\Users\Ilona\Desktop\2180585-5531-.jpg [2012.06.13 19:51:26 | 000,024,040 | -H-- | C] () -- C:\Users\Ilona\Documents\briefpapier-design-13.pdf [2012.06.13 19:41:18 | 000,020,600 | -H-- | C] () -- C:\Users\Ilona\Desktop\1303807008-497.jpg [2012.06.13 19:39:43 | 000,006,529 | -H-- | C] () -- C:\Users\Ilona\Desktop\imagesfee.jpg [2012.06.08 16:18:35 | 000,016,138 | -H-- | C] () -- C:\Users\Ilona\Documents\Adressen Hochzeit.odt [2012.06.08 13:59:44 | 000,019,550 | ---- | C] () -- C:\windows\hpqins13.dat [2012.06.06 18:52:01 | 000,012,739 | -H-- | C] () -- C:\Users\Ilona\Documents\für die freudentränen.odt [2012.04.13 22:58:02 | 000,014,626 | -H-- | C] () -- C:\Users\Ilona\gottes_liebe_ist_so_wunderbar.gif [2012.04.13 19:41:02 | 000,520,854 | -H-- | C] () -- C:\Users\Ilona\gottes_liebe_ist_so_wunderbar.bmp [2012.04.08 22:43:42 | 
005,672,968 | -H-- | C] () -- C:\Users\Ilona\Ilona 1.cl2arc [2012.04.08 21:07:22 | 000,000,008 | RHS- | C] () -- C:\ProgramData\sysqcl1129067056.dat [2012.04.08 19:39:32 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat [2012.02.21 19:45:37 | 001,760,975 | -H-- | C] () -- C:\Users\Ilona\DSC05109.JPG [2012.02.21 19:45:31 | 001,786,838 | -H-- | C] () -- C:\Users\Ilona\DSC05108.JPG [2012.02.21 19:44:32 | 001,751,685 | -H-- | C] () -- C:\Users\Ilona\DSC05092.JPG [2012.02.21 19:43:55 | 001,313,529 | -H-- | C] () -- C:\Users\Ilona\DSC05086.JPG [2011.02.17 21:51:59 | 000,000,090 | -H-- | C] () -- C:\Users\Ilona\AppData\Roaming\wklnhst.dat [2010.12.06 21:09:11 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS [2010.12.06 21:04:58 | 000,044,184 | ---- | C] () -- C:\windows\System32\drivers\fsbts.sys [2010.12.06 04:36:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.07 00:49:56 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2012.04.22 12:15:51 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\ALDITALKVerbindungsassistent [2010.12.16 03:54:05 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Ambient Design [2011.01.11 17:58:22 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Asus [2012.05.30 16:16:52 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Asus WebStorage [2010.12.16 04:20:52 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Bamboo Explore [2012.04.08 21:07:22 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\CocotronLibrary [2010.01.08 00:43:29 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\E-Cam [2011.01.30 11:35:32 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\fotobuch.de AG [2010.12.10 14:50:06 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\GoBoingo [2011.11.11 23:05:28 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\ICQ [2010.12.10 14:24:46 
| 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\OpenOffice.org [2012.06.23 22:04:16 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\SimpleScreenshot [2011.02.17 21:52:56 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Template [2010.12.22 19:39:43 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Thunderbird [2012.03.17 16:48:04 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Verbindungsassistent [2010.12.24 21:27:04 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Vision Objects [2010.12.22 16:04:29 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Wacom [2010.12.22 16:04:32 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2011.01.27 19:48:25 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\Windows Live Writer [2012.01.21 12:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Ilona\AppData\Roaming\YCanPDF [2012.06.06 15:14:27 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2010.12.05 04:48:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.12.06 21:01:43 | 000,000,000 | -H-D | M] -- C:\0ae4c7654572ab26c33bdd [2010.12.06 21:37:04 | 000,000,000 | -H-D | M] -- C:\0c53facb9bd109a79676cc34a3 [2012.05.30 19:56:51 | 000,000,000 | -H-D | M] -- C:\AsusVibeData [2011.05.20 16:02:33 | 000,000,000 | -HSD | M] -- C:\aws [2011.09.07 14:17:08 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.06.09 21:17:02 | 000,000,000 | -HSD | M] -- C:\found.000 [2010.01.06 23:39:18 | 000,000,000 | -H-D | M] -- C:\Intel [2012.01.21 12:49:14 | 000,000,000 | -H-D | M] -- C:\output [2012.01.21 12:39:17 | 000,000,000 | -H-D | M] -- C:\PDFZilla [2009.07.14 04:37:05 | 000,000,000 | -H-D | M] -- C:\PerfLogs [2012.07.03 00:24:34 | 000,000,000 | R--D | M] -- C:\Program Files [2012.07.03 00:25:05 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.12.05 04:34:04 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.07.03 17:53:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.07.03 01:42:58 | 000,000,000 | -H-D | M] -- C:\TDSSKiller_Quarantine [2012.01.21 12:47:40 | 000,000,000 | -H-D | M] -- C:\tmp [2010.12.05 04:35:54 | 000,000,000 | R--D | M] -- C:\Users [2012.06.08 13:59:44 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- 
| M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Ilona\AppData\Local\Temp\RarSFX0\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Ilona\AppData\Local\Temp\RarSFX1\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Ilona\AppData\Local\Temp\RarSFX0\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- 
C:\Users\Ilona\AppData\Local\Temp\RarSFX1\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.07.03 14:21:43 | 000,000,000 | -H-- | M] () -- C:\Users\Ilona\defogger_reenable [2011.08.12 17:28:48 | 001,313,529 | -H-- | M] () -- C:\Users\Ilona\DSC05086.JPG [2011.08.12 17:33:28 | 001,751,685 | -H-- | M] () -- C:\Users\Ilona\DSC05092.JPG [2011.08.12 17:42:44 | 001,786,838 | -H-- | M] () -- C:\Users\Ilona\DSC05108.JPG [2011.08.15 15:10:30 | 001,760,975 | -H-- | M] () -- C:\Users\Ilona\DSC05109.JPG [2012.04.13 19:41:02 | 000,520,854 | -H-- | M] () -- C:\Users\Ilona\gottes_liebe_ist_so_wunderbar.bmp [2012.04.13 22:58:14 | 000,014,626 | -H-- | M] () -- C:\Users\Ilona\gottes_liebe_ist_so_wunderbar.gif [2012.04.10 23:15:53 | 005,672,968 | -H-- | M] () -- C:\Users\Ilona\Ilona 1.cl2arc [2012.07.03 17:52:46 | 003,145,728 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat [2012.07.03 17:52:46 | 000,262,144 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat.LOG1 [2010.12.05 04:35:58 | 000,000,000 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat.LOG2 [2010.12.05 04:49:57 | 000,065,536 | -HS- | M] () -- C:\Users\Ilona\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.12.05 04:49:57 | 000,524,288 | -HS- | M] () -- C:\Users\Ilona\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.12.05 04:49:57 | 000,524,288 | -HS- | M] () -- 
C:\Users\Ilona\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2012.04.29 14:33:24 | 000,065,536 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat{c657ac8b-91ee-11e1-a290-485b3918c266}.TM.blf [2012.04.29 14:33:24 | 000,524,288 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat{c657ac8b-91ee-11e1-a290-485b3918c266}.TMContainer00000000000000000001.regtrans-ms [2012.04.29 14:33:24 | 000,524,288 | -HS- | M] () -- C:\Users\Ilona\ntuser.dat{c657ac8b-91ee-11e1-a290-485b3918c266}.TMContainer00000000000000000002.regtrans-ms [2009.07.14 06:53:59 | 000,000,020 | -HS- | M] () -- C:\Users\Ilona\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 714 bytes -> C:\windows\System32\drivers\uhbdhqse.sys:changelist @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:B623B5B8 < End of report > So, die Movedfiles.zip wurde erfolgreich hochgeladen |
03.07.2012, 22:42 | #8 |
/// Malware-holic | Data Recovery, S.M.A.R.T Repair Hi, 1. Do you use the PC for online banking, for shopping, for other payment transactions, or for similarly important things, such as work? For a further analysis I need the following: c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache Right-click the cache folder there, pack it with WinRAR or another program, and upload it in the upload channel, please: Trojaner-Board Upload Channel
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
03.07.2012, 22:52 | #9 |
| Data Recovery, S.M.A.R.T Repair My wife also uses it for banking etc. Why??? Do we have a problem now???? There are several names: 1. Administrator 2. All Users 3. Default 4. Default User 5. Ilona 6. Öffentlich I'll just take Ilona, because that is her. It is uploaded!!!!! Edited by LeveMak (03.07.2012 at 23:04) |
04.07.2012, 16:24 | #10 |
/// Malware-holic | Data Recovery, S.M.A.R.T Repair Hi, please call the bank and have online banking blocked because of rootkits. The PC must be set up from scratch and then secured. 1. Data rescue:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, copy it back. 6. I will then also say something about securing online banking with a chip card reader + Star Money.
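Step 5 above says to check the backed-up data before copying it back. As an added example (not part of the original post, and not a replacement for scanning the backup with an up-to-date scanner), this Python script walks a backup of personal files and flags anything that is a program rather than data; the extension lists, file names and sample tree are constructed assumptions.

```python
from __future__ import annotations
import os
import tempfile
from pathlib import Path

# Assumed lists, not from the thread: extensions Windows runs or interprets
# on double-click, and extensions expected in a backup of personal data.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
             ".js", ".jse", ".wsf", ".hta", ".lnk", ".dll", ".sys", ".cpl",
             ".msi", ".jar"}
DATA_EXT = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".mp4", ".avi", ".mov",
            ".mp3", ".pdf", ".txt", ".doc", ".docx", ".xls", ".xlsx"}


def triage_file(path: Path) -> list[str]:
    """Return reasons a backed-up file needs a closer look (empty list = none)."""
    suffixes = [s.lower() for s in path.suffixes]
    ext = suffixes[-1] if suffixes else ""
    try:
        with path.open("rb") as fh:
            magic = fh.read(2)
    except OSError as exc:
        return [f"unreadable ({exc.__class__.__name__})"]
    reasons = []
    if magic == b"MZ":  # DOS/PE header: a Windows program whatever the name says
        reasons.append("PE executable header (MZ)")
    if ext in RISKY_EXT:
        reasons.append(f"executable/script extension {ext}")
        if len(suffixes) >= 2 and suffixes[-2] in DATA_EXT:
            reasons.append("double extension disguising a program as data")
    if path.name.lower() == "autorun.inf":
        reasons.append("autorun.inf can launch a program from the drive")
    return reasons


def scan_backup(root: Path) -> dict[str, list[str]]:
    """Walk the backup and map each flagged relative path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = Path(dirpath) / fname
            reasons = triage_file(path)
            if reasons:
                findings[path.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_backup(root: Path) -> None:
    """Create a small constructed backup tree (all contents are dummy bytes)."""
    samples = {
        "Photos/IMG_0001.JPG": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # JPEG magic
        "Photos/holiday.jpg.exe": b"MZ" + b"\x00" * 16,             # disguised program
        "Videos/clip.avi": b"RIFF" + b"\x00" * 16,
        "Documents/letter.doc": b"MZ" + b"\x00" * 16,               # program named .doc
        "autorun.inf": b"[autorun]\r\nopen=setup.exe\r\n",
    }
    for rel, data in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> dict[str, list[str]]:
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_backup(root)
        return scan_backup(root)


if __name__ == "__main__":
    for rel, why in sorted(demo().items()):
        print(f"{rel}: {'; '.join(why)}")
```

An empty result only shows that no program files were copied along with the photos and documents; it says nothing about the content of the data files themselves.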
05.07.2012, 13:09 | #11 |
| Data Recovery, S.M.A.R.T Repair Hello Markus, the bank has been notified, online banking is blocked for now! They were quite surprised, because it was apparently the first time that someone had called about this. Now one more question: I would like to back up the data to an external hard drive, but all our photos and videos are on it. Won't I then also copy the virus, Trojan or whatever it is onto the hard drive? Thanks in advance. |
05.07.2012, 13:32 | #12 |
/// Malware-holic | Data Recovery, S.M.A.R.T Repair Hi, what you can back up and how is described in the last post on page 1 :-)
15.07.2012, 18:15 | #13 | |
| Data Recovery, S.M.A.R.T Repair Hello Markus, I have now backed up all personal files to an external hard drive (from which I had first removed everything important). Now it is about formatting etc. My wife has an ASUS Eee PC, so no drive etc. Of course I don't know whether it has a recovery partition. How do I find that out? Best regards Quote:
|
17.07.2012, 22:40 | #14 |
/// Malware-holic | Data Recovery, S.M.A.R.T Repair Hi, sorry for the wait, a lot going on. As an anti-malware program I would recommend Emsisoft. For me they have the best protection, but it costs something. http://www.trojaner-board.de/103809-...i-malware.html Trial version: My antivirus recommendation: Emsisoft Anti-Malware Especially if you do online banking, shopping, other payment transactions or similarly important things, such as work, so that there is sensitive data to protect, you should invest in security software. Before activating the licence, use up the 30-day trial period. Free, but not quite as good, Avast would be the recommendation. http://www.trojaner-board.de/110895-...antivirus.html Tell me which one you use, then I will give configuration tips. Please uninstall your previous AV. The following guide is extensive, I am aware of that, but it should be implemented, since only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you! http://www.trojaner-board.de/96344-a...-rechners.html Please start with the passage "Windows Vista and Windows 7". Please begin by installing Windows updates. This works best if you go via Start, Search, and enter Windows Updates there. Under "Change settings", check that the following is selected: - Install updates automatically, - Every day - choose a time - Please tick all the rest, except: - Show detailed notifications when new Microsoft software is available. Now click the "OK" button. Now click "Check for updates". Please install important updates first. It will be necessary to restart the PC in between. If this is the case, you must again open Windows Update via Start, Search, click Check for updates and install the next ones. Please do the same with the optional updates. Please adopt the rest as it reads in the Windows 7 / Vista section.
From the XP section, please adopt the item "Data Execution Prevention, DEP". As a browser I recommend Chrome: Installing Google Chrome for multiple user accounts - Google Chrome Help Please read the guide. If you want to use a different one, tell me, then I have to parts of the guide that now follows Sandboxie The definition of a sandbox can be read here: Sandbox In short, programs can be run almost 100% isolated from the system. The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out. Download link: Sandboxie Download - Sandboxie 3.72 Guide: http://www.trojaner-board.de/71542-a...sandboxie.html Detailed guide as PDF, work through it as well: Sandbox settings | Please make the following additional configuration: open Sandboxie Control, click the Sandbox menu, choose DefaultBox. There click Sandbox Settings. Under Restrictions, for program start and Internet access, enter: chrome.exe Then go to Applications, Web Browser, Chrome. There enable everything except sharing the entire profile folder. As you may already have seen, you cannot use some functions. This is only necessary in the full version, which I advise you to buy. You can, for example, specify under "Forced Programs" that all browsers start in the sandbox. Otherwise you always have to click "Sandboxed Web Browser" or right-click, Run in Sandboxie. A lifetime licence costs 30 €, and can be used on all your PCs. Continue with: Measures for ALL Windows versions, work through everything completely. Note on File Hippo: in the settings additionally select: hide beta updates. Run updateChecker when Windows starts Backup program: a backup program is already linked in my guide; as an alternative, the backup program built into Windows is also an option: http://www.trojaner-board.de/82962-w...en-backup.html Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should, however, definitely also install a backup program, because this can be very important under certain circumstances, for example if the hard drive breaks. Finally, observe the general security tips; if it applies to you, observe the tip on online banking and change all passwords. Please also read how to make programs visible to everyone: Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe So from now on surf only in the standard user account and there in the sandbox. If you use the free version, then by clicking Sandboxed Web Browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser. If you move the mouse over the browser it should be framed, then you are in the sandboxed web browser.