Pests of all kinds and how to fight them: Google opens "wrong links", had ANTIVIRUS GT
Windows 7
13.09.2010, 11:04 | #1 |
I own a netbook running Windows 7 Starter. Recently I had Antivirus GT on my computer. So far I have managed to delete the virus and successfully stop its havoc.
1. The netbook has become slower
2. To start it I have to press F2 for it to boot at all (otherwise a black screen with a blinking white line)
3. Google opens pages other than intended
I have AVG antivirus and Spybot Search & Destroy (newly installed).
I asked around in forums and downloaded RSIT, Malwarebytes, GMER.
I am in Australia, so I will not always be able to reply right away (+8h offset).
Thanks in advance
Regards, gregor
13.09.2010, 12:50 | #2 |
/// Malware-holic
Spybot can be uninstalled again.
If Malwarebytes found something, look under the log files and post the scan log.
Please create and post a ComboFix log: A guide and tutorial on using ComboFix
15.09.2010, 06:34 | #3 |
I have not created an mbam log; let me know if you need the log.

Combofix Logfile:
Code:
ComboFix 10-09-14.01 - Gregor 15.09.2010 6:47.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.49.1031.18.2038.1276 [GMT 2:00]
ausgeführt von:: c:\users\Gregor\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\AVG\AVG9\avgtray.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\ASUS\APRP\APRP.EXE
c:\program files\ASUS\LivCam\LivCam.exe
c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
c:\program files\pdf24\pdf24.exe
c:\programdata\FullRemove.exe
c:\windows\AsScrPro.exe
c:\windows\system32\Thumbs.db

Regards, gregger
Last edited by gregger (15.09.2010 at 06:39)
15.09.2010, 08:51 | #4 |
mbam found nothing, I just ran it... (it was the latest version)
15.09.2010, 10:26 | #5 |
/// Malware-holic
Please no scans without prior agreement, that just messes everything up.
123.200.191.18
Download http://filepony.de/download-defogger/ and save it to your desktop. Double-click DeFogger to start the tool.
• The tool's program window opens.
• Click the Disable button to disable the CD emulation drivers.
• Click Yes to continue.
• When the message 'Finished!' appears,
• click OK.
• DeFogger will now ask for a reboot - click OK
• Post the defogger_disable.log here in the thread.
Do not re-enable the drivers under any circumstances before you are instructed to.
Do you know this IP? Is it your provider's?
Start, Programs, Accessories, Notepad, copy in:
Killall::
Rootkit::
c:\programdata\7mgHEu.dat
c:\windows\Fonts\A4QeWv.com
AtJob::
File, Save As; location: where combofix.exe is; type: all files; name: cfscript.txt
Drag cfscript.txt onto ComboFix, the program starts, post the log.
15.09.2010, 12:38 | #6 |
123.200.191.18
Yes, that should be the provider IP; I use a broadband stick from Virgin Mobile (bought in Australia).

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:35 on 15/09/2010 (Gregor)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-

Combofix Logfile:
Code:
ComboFix 10-09-14.01 - Gregor 15.09.2010 12:53:27.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.49.1031.18.2038.1431 [GMT 2:00]
ausgeführt von:: c:\users\Gregor\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Gregor\Desktop\cfscript.txt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

After the logs I logged back onto the Internet with my broadband stick to send the logs (if that is a problem, let me know).
15.09.2010, 12:42 | #7 |
/// Malware-holic
No, I was just surprised by the IP.
Use the Kaspersky TDSS Killer: How to combat malware of the Rootkit.Win32.TDSS family?
If something was found, tell me which action you selected. Cure should be applied.
15.09.2010, 13:10 | #8 |
2010/09/15 13:59:04.0922 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/15 13:59:04.0922 ================================================================================
2010/09/15 13:59:04.0922 SystemInfo:
2010/09/15 13:59:04.0922
2010/09/15 13:59:04.0922 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/15 13:59:04.0922 Product type: Workstation
2010/09/15 13:59:04.0922 ComputerName: KI_NET
2010/09/15 13:59:04.0922 UserName: Gregor
2010/09/15 13:59:04.0922 Windows directory: C:\windows
2010/09/15 13:59:04.0922 System windows directory: C:\windows
2010/09/15 13:59:04.0922 Processor architecture: Intel x86
2010/09/15 13:59:04.0922 Number of processors: 2
2010/09/15 13:59:04.0922 Page size: 0x1000
2010/09/15 13:59:04.0922 Boot type: Normal boot
2010/09/15 13:59:04.0922 ================================================================================
2010/09/15 13:59:05.0671 Initialize success
2010/09/15 14:00:12.0205 ================================================================================
2010/09/15 14:00:12.0205 Scan started
2010/09/15 14:00:12.0205 Mode: Manual;
2010/09/15 14:00:12.0205 ================================================================================
C:\windows\system32\drivers\afd.sys 2010/09/15 14:00:18.0133 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys 2010/09/15 14:00:18.0710 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys 2010/09/15 14:00:19.0303 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys 2010/09/15 14:00:19.0771 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys 2010/09/15 14:00:20.0270 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys 2010/09/15 14:00:20.0847 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys 2010/09/15 14:00:21.0424 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys 2010/09/15 14:00:22.0095 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys 2010/09/15 14:00:22.0750 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys 2010/09/15 14:00:23.0343 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys 2010/09/15 14:00:23.0858 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys 2010/09/15 14:00:24.0466 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys 2010/09/15 14:00:24.0950 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys 2010/09/15 14:00:25.0449 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys 2010/09/15 14:00:25.0980 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys 2010/09/15 14:00:26.0510 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys 2010/09/15 14:00:27.0165 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys 2010/09/15 14:00:27.0961 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\windows\system32\Drivers\avgldx86.sys 2010/09/15 14:00:28.0476 AvgMfx86 
(53b3f979930a786a614d29cafe99f645) C:\windows\system32\Drivers\avgmfx86.sys 2010/09/15 14:00:29.0053 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\windows\system32\Drivers\avgtdix.sys 2010/09/15 14:00:29.0568 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys 2010/09/15 14:00:30.0082 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys 2010/09/15 14:00:30.0660 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys 2010/09/15 14:00:31.0221 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys 2010/09/15 14:00:31.0767 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys 2010/09/15 14:00:32.0235 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys 2010/09/15 14:00:32.0781 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys 2010/09/15 14:00:33.0436 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys 2010/09/15 14:00:33.0920 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys 2010/09/15 14:00:34.0388 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys 2010/09/15 14:00:34.0887 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys 2010/09/15 14:00:37.0430 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys 2010/09/15 14:00:38.0023 BtHidBus (da9e15e55c33392d7dfd7f21116214be) C:\windows\system32\Drivers\BtHidBus.sys 2010/09/15 14:00:38.0616 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys 2010/09/15 14:00:39.0115 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys 2010/09/15 14:00:39.0630 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys 2010/09/15 14:00:40.0129 BTHUSB (fa04c63916fa221dbb91fce153d07a55) 
C:\windows\system32\Drivers\BTHUSB.sys 2010/09/15 14:00:40.0659 btnetBUs (7bb8ac22bc9e6a1e7707daecada95cd9) C:\windows\system32\Drivers\btnetBus.sys 2010/09/15 14:00:41.0174 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys 2010/09/15 14:00:43.0998 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys 2010/09/15 14:00:44.0528 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys 2010/09/15 14:00:45.0043 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys 2010/09/15 14:00:45.0542 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys 2010/09/15 14:00:46.0088 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys 2010/09/15 14:00:46.0572 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys 2010/09/15 14:00:47.0149 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys 2010/09/15 14:00:47.0632 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys 2010/09/15 14:00:48.0100 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys 2010/09/15 14:00:48.0662 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys 2010/09/15 14:00:49.0317 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys 2010/09/15 14:00:49.0816 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys 2010/09/15 14:00:50.0316 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys 2010/09/15 14:00:50.0924 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys 2010/09/15 14:00:51.0470 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys 2010/09/15 14:00:52.0297 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys 2010/09/15 14:00:52.0952 elxstor 
(0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys 2010/09/15 14:00:53.0404 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys 2010/09/15 14:00:53.0966 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys 2010/09/15 14:00:54.0481 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys 2010/09/15 14:00:55.0027 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys 2010/09/15 14:00:55.0588 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys 2010/09/15 14:00:56.0025 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys 2010/09/15 14:00:56.0493 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys 2010/09/15 14:00:57.0055 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys 2010/09/15 14:00:57.0616 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys 2010/09/15 14:00:58.0100 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys 2010/09/15 14:00:58.0615 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys 2010/09/15 14:00:59.0301 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\windows\system32\DRIVERS\fvevol.sys 2010/09/15 14:00:59.0754 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys 2010/09/15 14:01:00.0315 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys 2010/09/15 14:01:00.0846 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys 2010/09/15 14:01:01.0314 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys 2010/09/15 14:01:01.0735 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys 2010/09/15 14:01:02.0218 HidBth (89448f40e6df260c206a193a4683ba78) 
C:\windows\system32\DRIVERS\hidbth.sys 2010/09/15 14:01:02.0718 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys 2010/09/15 14:01:03.0264 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys 2010/09/15 14:01:03.0934 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys 2010/09/15 14:01:04.0496 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys 2010/09/15 14:01:05.0026 hwdatacard (988c0a49f09d75d3341cb419141793c1) C:\windows\system32\DRIVERS\ewusbmdm.sys 2010/09/15 14:01:05.0510 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys 2010/09/15 14:01:06.0087 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys 2010/09/15 14:01:06.0789 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys 2010/09/15 14:01:07.0288 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys 2010/09/15 14:01:08.0006 igfx (81f7c715528ab621c6af58869d4b07b9) C:\windows\system32\DRIVERS\igdkmd32.sys 2010/09/15 14:01:08.0724 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys 2010/09/15 14:01:09.0582 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys 2010/09/15 14:01:10.0096 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys 2010/09/15 14:01:10.0611 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys 2010/09/15 14:01:11.0126 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys 2010/09/15 14:01:11.0641 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys 2010/09/15 14:01:12.0140 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys 2010/09/15 14:01:12.0748 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys 2010/09/15 
14:01:13.0263 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys 2010/09/15 14:01:13.0747 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys 2010/09/15 14:01:14.0480 IvtBtBUs (132eb047e3f94dc9eab83c74e8c2e85a) C:\windows\system32\Drivers\IvtBtBus.sys 2010/09/15 14:01:15.0026 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys 2010/09/15 14:01:15.0556 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys 2010/09/15 14:01:16.0134 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys 2010/09/15 14:01:16.0742 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys 2010/09/15 14:01:17.0272 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys 2010/09/15 14:01:17.0834 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys 2010/09/15 14:01:18.0567 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys 2010/09/15 14:01:19.0300 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys 2010/09/15 14:01:19.0815 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys 2010/09/15 14:01:20.0330 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys 2010/09/15 14:01:20.0829 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys 2010/09/15 14:01:21.0391 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys 2010/09/15 14:01:21.0968 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys 2010/09/15 14:01:22.0514 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys 2010/09/15 14:01:23.0029 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys 2010/09/15 14:01:23.0559 monitor (79d10964de86b292320e9dfe02282a23) 
C:\windows\system32\DRIVERS\monitor.sys 2010/09/15 14:01:24.0090 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys 2010/09/15 14:01:24.0729 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys 2010/09/15 14:01:25.0197 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys 2010/09/15 14:01:25.0697 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys 2010/09/15 14:01:26.0243 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys 2010/09/15 14:01:26.0820 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys 2010/09/15 14:01:27.0350 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys 2010/09/15 14:01:27.0881 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys 2010/09/15 14:01:28.0364 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys 2010/09/15 14:01:28.0863 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys 2010/09/15 14:01:29.0347 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys 2010/09/15 14:01:29.0924 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys 2010/09/15 14:01:30.0408 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys 2010/09/15 14:01:31.0063 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys 2010/09/15 14:01:31.0656 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys 2010/09/15 14:01:32.0139 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys 2010/09/15 14:01:32.0607 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys 2010/09/15 14:01:33.0107 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys 2010/09/15 14:01:33.0824 mssmbios 
2010/09/15 14:02:43.0322 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/15 14:02:43.0353 ================================================================================
2010/09/15 14:02:43.0353 Scan finished
2010/09/15 14:02:43.0353 ================================================================================
2010/09/15 14:02:43.0463 Detected object count: 1
2010/09/15 14:03:02.0183 \HardDisk0\MBR - will be cured after reboot
2010/09/15 14:03:02.0183 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/09/15 14:03:17.0330 Deinitialize success

Is the virus removed with this? In my opinion, Google is working again.
I will now check whether the white blinking line still appears.
Last edited by gregger (15.09.2010 at 13:35) |
15.09.2010, 13:37 | #9 |
/// Malware-holic | Google opens "wrong links", had ANTIVIRUS GT
Open My Computer, then C:, then Qoobox. There, right-click Quarantine and add it to Quarantine.rar or a zip, then upload the archive.
File upload: http://www.trojaner-board.de/54791-a...ner-board.html

OTL: system scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (users of Windows 7 and Vista: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both logs |
15.09.2010, 14:05 | #10 |
| Google opens "wrong links", had ANTIVIRUS GT The OTL is in German, but I have made the settings. Should I set the remaining fields such as Processes, Modules, Services, Drivers, and Standard Registry to "Off"? |
15.09.2010, 14:49 | #11 |
/// Malware-holic | Google opens "wrong links", had ANTIVIRUS GT No, leave them as they are. |
16.09.2010, 04:07 | #12 |
| Google opens "wrong links", had ANTIVIRUS GT OTL Logfile: Code:
OTL Logfile: Code:
OTL logfile created on: 9/16/2010 5:02:59 AM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Gregor\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 76.88 Gb Free Space | 76.88% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 87.99 Gb Free Space | 71.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 9.99 Gb Total Space | 2.12 Gb Free Space | 21.24% Space Free | Partition Type: FAT32
Drive G: | 22.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KI_NET
Current User Name: Gregor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Gregor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Virgin Mobile\Virgin Mobile.exe ()
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

========== Modules (SafeList) ==========

MOD - C:\Users\Gregor\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

========== Driver Services (SafeList) ==========

DRV - (UsbserFilt) -- C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys File not found
DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys File not found
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys File not found
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys File not found
DRV - (catchme) -- C:\Users\Gregor\AppData\Local\Temp\catchme.sys File not found
DRV - (btwrchid) -- C:\Windows\System32\DRIVERS\btwrchid.sys File not found
DRV - (btwl2cap) -- C:\Windows\System32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- C:\Windows\System32\DRIVERS\btwavdt.sys File not found
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys File not found
DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys File not found
DRV - (BTCOMBUS) -- C:\Windows\System32\Drivers\btcombus.sys File not found
DRV - (BTCOM) -- C:\Windows\System32\DRIVERS\btcomport.sys File not found
DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/04 06:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/15 05:15:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/15 05:15:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010/09/15 14:21:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins

[2010/09/12 06:10:15 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\mozilla\Extensions
[2010/09/14 11:13:13 | 000,000,312 | ---- | M] () -- C:\Users\Gregor\AppData\Roaming\Mozilla\FireFox\Profiles\5ouhb008.default\searchplugins\bing.xml

O1 HOSTS File: ([2010/09/15 13:14:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SuperHybridEngine] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/23 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/09/22 10:45:42 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpReg: ASUS WebStorage - hkey= - key= - C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
MsConfig - StartUpReg: BtTray - hkey= - key= - C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe File not found
MsConfig - StartUpReg: Eee Docking - hkey= - key= - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe File not found
MsConfig - StartUpReg: EeeSplendidAgent - hkey= - key= - C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: LiveUpdate - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/15 14:53:55 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Gregor\Desktop\OTL.exe
[2010/09/15 14:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/15 14:22:03 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Desktop\Virus_folder
[2010/09/15 14:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 6
[2010/09/15 13:24:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/15 13:14:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/09/15 13:12:08 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Local\temp
[2010/09/15 12:39:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/15 12:39:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/15 12:06:55 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Documents\My Received Files
[2010/09/15 06:33:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/15 06:33:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/15 06:33:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/15 04:26:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/14 11:35:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/12 14:14:13 | 000,000,000 | ---D | C] -- C:\fixwareout
[2010/09/12 13:34:09 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\Malwarebytes
[2010/09/12 13:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/12 13:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/12 13:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/09/12 13:24:12 | 000,000,000 | ---D | C] -- C:\rsit
[2010/09/12 06:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/12 06:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 5
[2010/09/11 10:03:37 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\temp
[2010/09/11 10:02:52 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\EeeStorageUploader
[2010/09/08 01:40:33 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Desktop\work
[2010/09/07 01:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\etax2010
[2010/09/07 00:22:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/06 14:50:12 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/09/06 14:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\pdf24
[2010/09/04 05:31:29 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/04 00:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/09/04 00:47:38 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\PC Tools
[2010/09/04 00:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/03 17:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/08/27 05:47:19 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Documents\pdf24
[2010/08/25 01:08:10 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Desktop\bilder speicherkarte
[2010/08/24 17:12:25 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\WinRAR
[2010/08/24 17:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/11/04 15:06:04 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/09/16 05:09:19 | 001,572,864 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat
[2010/09/16 05:00:54 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/16 05:00:54 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/16 05:00:12 | 064,670,715 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/16 04:54:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/16 04:53:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/16 04:53:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/16 04:53:07 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/16 00:51:04 | 002,477,039 | -H-- | M] () -- C:\Users\Gregor\AppData\Local\IconCache.db
[2010/09/16 00:49:40 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/15 14:56:17 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Gregor\Desktop\OTL.exe
[2010/09/15 14:38:15 | 000,000,972 | ---- | M] () -- C:\Users\Gregor\Desktop\CCleaner.lnk
[2010/09/15 13:31:50 | 003,915,028 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/15 13:31:50 | 000,687,858 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/09/15 13:31:50 | 000,684,260 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/09/15 13:31:50 | 000,682,914 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010/09/15 13:31:50 | 000,647,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/09/15 13:31:50 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/15 13:31:50 | 000,130,452 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/09/15 13:31:50 | 000,127,914 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/09/15 13:31:50 | 000,127,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/09/15 13:31:50 | 000,124,850 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010/09/15 13:31:50 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/15 13:14:58 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/15 13:14:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/15 12:35:20 | 000,000,000 | ---- | M] () -- C:\Users\Gregor\defogger_reenable
[2010/09/15 05:52:27 | 000,000,112 | ---- | M] () -- C:\ProgramData\7mgHEu.dat
[2010/09/15 05:27:44 | 003,845,016 | R--- | M] () -- C:\Users\Gregor\Desktop\ComboFix.exe
[2010/09/15 05:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 05:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 05:17:49 | 000,065,536 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TM.blf
[2010/09/07 00:22:37 | 160,002,738 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/06 14:15:32 | 000,000,856 | ---- | M] () -- C:\Users\Gregor\Desktop\Dokumente Gregor - Verknüpfung.lnk
[2010/09/04 05:31:35 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/04 05:31:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/04 05:31:29 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/04 05:30:56 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.)
-- C:\Windows\System32\drivers\avgldx86.sys [2010/09/04 05:10:14 | 000,524,288 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TMContainer00000000000000000002.regtrans-ms [2010/09/04 05:10:14 | 000,524,288 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TMContainer00000000000000000001.regtrans-ms [2010/09/04 05:10:14 | 000,065,536 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TM.blf [2010/09/04 05:08:06 | 000,000,032 | ---- | M] () -- C:\Windows\0 [2010/08/30 13:57:00 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll [2010/08/25 11:52:13 | 000,018,873 | ---- | M] () -- C:\Users\Gregor\Documents\vorlage_cv.docx [2010/08/25 09:23:46 | 001,934,721 | ---- | M] () -- C:\Users\Gregor\Documents\timesheet9July08.pdf ========== Files Created - No Company Name ========== [2010/09/15 14:38:15 | 000,000,972 | ---- | C] () -- C:\Users\Gregor\Desktop\CCleaner.lnk [2010/09/15 12:35:20 | 000,000,000 | ---- | C] () -- C:\Users\Gregor\defogger_reenable [2010/09/15 06:33:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010/09/15 06:33:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/09/15 06:33:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/09/15 06:33:36 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/09/15 06:33:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/09/15 05:39:26 | 000,000,112 | ---- | C] () -- C:\ProgramData\7mgHEu.dat [2010/09/15 05:30:46 | 000,035,328 | ---- | C] () -- C:\Windows\Fonts\A4QeWv.com [2010/09/15 05:26:31 | 003,845,016 | R--- | C] () -- C:\Users\Gregor\Desktop\ComboFix.exe [2010/09/15 05:17:48 | 000,524,288 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TMContainer00000000000000000002.regtrans-ms [2010/09/15 05:17:48 | 000,524,288 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TMContainer00000000000000000001.regtrans-ms 
[2010/09/15 05:17:48 | 000,065,536 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TM.blf [2010/09/07 00:22:37 | 160,002,738 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010/09/06 14:15:32 | 000,000,856 | ---- | C] () -- C:\Users\Gregor\Desktop\Dokumente Gregor - Verknüpfung.lnk [2010/09/04 04:41:26 | 000,524,288 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TMContainer00000000000000000002.regtrans-ms [2010/09/04 04:41:25 | 000,524,288 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TMContainer00000000000000000001.regtrans-ms [2010/09/04 04:41:25 | 000,065,536 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TM.blf [2010/09/04 00:48:31 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010/08/25 09:23:45 | 001,934,721 | ---- | C] () -- C:\Users\Gregor\Documents\timesheet9July08.pdf [2010/08/24 15:35:46 | 000,018,873 | ---- | C] () -- C:\Users\Gregor\Documents\vorlage_cv.docx [2010/07/02 18:03:40 | 000,017,408 | ---- | C] () -- C:\Users\Gregor\AppData\Local\WebpageIcons.db [2010/06/25 02:23:04 | 000,000,000 | ---- | C] () -- C:\Users\Gregor\AppData\Roaming\wklnhst.dat [2010/06/25 00:17:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/06/24 19:57:09 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2010/04/06 18:33:10 | 000,025,864 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys [2010/01/07 00:14:26 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys [2010/01/07 00:14:18 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010/01/06 23:47:03 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== LOP Check ========== [2010/01/07 20:10:01 
| 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage [2010/01/07 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage [2010/06/25 00:43:32 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Asus [2010/09/15 05:15:49 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\ASUS WebStorage [2010/06/25 09:57:42 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\DAEMON Tools Lite [2010/09/11 10:02:52 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\EeeStorageUploader [2010/07/02 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\IrfanView [2010/06/24 22:40:17 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\LolClient [2010/06/25 01:11:16 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Miranda [2010/07/12 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Nokia [2010/07/12 15:28:48 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\PC Suite [2010/09/15 05:15:35 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\temp [2010/06/25 02:23:35 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Template [2010/09/15 05:56:10 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010/06/25 12:37:04 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Adobe [2010/06/25 00:43:32 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Asus [2010/09/15 05:15:49 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\ASUS WebStorage [2010/06/25 09:57:42 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\DAEMON Tools Lite [2010/09/11 10:02:52 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\EeeStorageUploader [2009/07/14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Identities [2010/01/06 23:39:58 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\InstallShield [2010/07/02 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\IrfanView [2010/06/24 22:40:17 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\LolClient [2010/01/06 23:55:11 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Macromedia [2010/09/12 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Malwarebytes [2010/09/15 05:15:11 | 000,000,000 | --SD | M] -- C:\Users\Gregor\AppData\Roaming\Microsoft [2010/06/25 01:11:16 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Miranda [2010/09/15 05:15:15 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Mozilla [2010/07/12 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Nokia [2010/07/12 15:28:48 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\PC Suite [2010/09/04 00:47:38 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\PC Tools [2010/09/15 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Skype [2010/09/15 11:54:30 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\skypePM [2010/09/04 14:03:55 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\teamspeak2 [2010/09/15 05:15:35 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\temp [2010/06/25 02:23:35 | 000,000,000 | ---D | M] -- 
C:\Users\Gregor\AppData\Roaming\Template [2010/09/04 14:03:55 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\vlc [2010/08/24 17:12:25 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010/06/24 22:15:10 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Gregor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] 
(Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009/06/05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys [2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys < MD5 for: IASTORV.SYS > [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 
| ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- 
C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > Geändert von gregger (16.09.2010 um 04:44 Uhr) |
16.09.2010, 10:06 | #13 |
/// Malware-holic | Google opens "wrong links", had ANTIVIRUS GT Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
16.09.2010, 12:29 | #14 |
| Google opens "wrong links", had ANTIVIRUS GT ComboFix log file: Code:
|
16.09.2010, 14:06 | #15 |
/// Malware-holic | Google opens "wrong links", had ANTIVIRUS GT Are there any problems left? |