Log analysis and evaluation: JAVA/ClassLoader.AB
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.05.2011, 21:03 | #1 | |
| JAVA/ClassLoader.AB Hello everyone, AVIRA has detected JAVA/ClassLoader.AB on my system. See log. Can someone help me? Thanks! Quote:
10.05.2011, 11:36 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/ClassLoader.AB Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the Logs tab.
10.05.2011, 18:28 | #3 |
| JAVA/ClassLoader.AB
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6530
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

09.05.2011 21:36:36
mbam-log-2011-05-09 (21-36-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 482417
Time elapsed: 1 hour(s), 17 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
10.05.2011, 18:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/ClassLoader.AB That was the first and only scan? Malwarebytes never found anything?
__________________ Please always post log files in CODE tags |
10.05.2011, 19:35 | #5 |
| JAVA/ClassLoader.AB Yes, no detections. I find that strange too... |
10.05.2011, 20:43 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/ClassLoader.AB Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
10.05.2011, 21:29 | #7 |
| JAVA/ClassLoader.AB OTL Logfile: Code:
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.08 10:30:20 | 000,000,000 | ---D | C] -- C:\Users\helmut\AppData\Roaming\Malwarebytes [2011.05.08 10:30:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.08 10:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.08 10:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.08 10:30:13 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.08 10:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.04.25 18:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.25 18:53:10 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.04.25 18:53:04 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.04.25 18:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.04.25 18:49:59 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.04.25 18:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour ========== Files - Modified Within 30 Days ========== [2011.05.10 22:07:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{232B76FC-31EF-4CEC-AC5D-DFBC964DF57C}.job [2011.05.10 22:04:50 | 001,676,072 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.10 22:04:50 | 000,714,792 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.10 22:04:50 | 000,668,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.10 22:04:50 | 000,163,818 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.10 22:04:50 | 000,133,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.10 22:01:44 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.05.10 19:59:13 | 
000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.10 19:59:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.10 19:58:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.10 19:58:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.10 19:58:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.09 20:00:12 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.05.08 10:30:17 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.29 21:41:05 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2011.lnk [2011.04.25 21:38:39 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.25 18:53:40 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.14 19:18:53 | 000,343,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.05.08 10:30:17 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.29 21:38:43 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung 2011.lnk [2011.04.25 18:53:40 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.25 18:51:18 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.01.06 15:08:20 | 000,344,376 | R--- | C] () -- C:\Windows\SysWow64\Lffpx7.dll [2011.01.06 15:08:20 | 000,128,312 | R--- | C] () -- C:\Windows\SysWow64\Lfkodak.dll [2010.12.28 21:02:31 | 000,000,286 | -H-- | C] () -- C:\ProgramData\wb764821reg.bin [2010.07.04 21:25:34 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2010.06.18 14:40:28 | 000,180,224 
| ---- | C] () -- C:\Windows\SysWow64\hpputoar.dll [2010.03.10 19:15:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.02.23 21:25:56 | 000,000,680 | ---- | C] () -- C:\Users\helmut\AppData\Local\d3d9caps.dat [2010.01.03 00:12:02 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\HPPLVS.dll [2009.09.24 08:23:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.24 08:23:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.09.24 08:23:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.07.27 22:44:13 | 000,000,094 | ---- | C] () -- C:\Users\helmut\AppData\Local\fusioncache.dat [2009.02.22 16:07:55 | 001,618,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008.11.21 23:33:24 | 000,008,704 | ---- | C] () -- C:\Users\helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.23 21:45:01 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.10.18 12:49:23 | 000,000,106 | ---- | C] () -- C:\Users\helmut\AppData\Roaming\wklnhst.dat [2008.07.23 16:41:16 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\BH_DATA110VC8.dll [2008.06.17 23:08:19 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2008.06.17 22:41:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.06.17 22:38:01 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat [2008.06.17 22:33:51 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2008.06.17 22:33:51 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2008.02.07 11:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.11.15 21:31:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2007.11.15 
21:25:28 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2007.11.13 09:39:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll [2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC7.dll [2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC7.dll [2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC7.dll ========== LOP Check ========== [2009.06.05 08:00:32 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\.pknowledge [2010.01.06 22:10:56 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\1&1 [2009.04.04 17:29:57 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Buhl Data Service [2009.11.28 13:20:49 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\FreeHDConverter [2009.03.11 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\FRITZ!fax für FRITZ!Box [2008.10.26 08:24:59 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\GHISLER [2008.10.18 20:33:46 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Image Zone Express [2009.12.29 22:36:26 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Leadertech [2009.12.30 20:38:40 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Lexware [2009.10.18 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\OpenOffice.org 
[2008.10.18 13:03:06 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Opera [2010.04.17 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\StreamTorrent [2011.02.27 18:02:22 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Swiss Academic Software [2008.10.18 12:49:24 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Template [2008.11.09 22:02:34 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Thunderbird [2010.07.04 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Tobit [2008.10.26 20:58:38 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\WinBatch [2011.05.10 19:39:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.05.10 22:07:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{232B76FC-31EF-4CEC-AC5D-DFBC964DF57C}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2009.06.05 08:00:32 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\.pknowledge [2010.01.06 22:10:56 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\1&1 [2011.03.04 20:47:07 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Adobe [2008.10.18 19:35:02 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Apple Computer [2008.10.18 12:35:17 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\ATI [2009.04.04 17:29:57 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Buhl Data Service [2010.05.01 11:38:59 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\DivX [2009.11.28 13:20:49 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\FreeHDConverter [2009.03.11 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\FRITZ!fax für FRITZ!Box [2008.10.26 08:24:59 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\GHISLER [2011.02.27 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Hewlett-Packard [2008.10.18 12:34:59 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Identities [2008.10.18 20:33:46 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Image Zone Express [2008.10.18 12:30:54 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\InstallShield [2009.12.29 22:36:26 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Leadertech [2009.12.30 20:38:40 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Lexware [2008.10.18 12:32:55 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Macromedia [2009.07.27 22:47:33 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Macrovision [2011.05.08 10:30:20 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Malwarebytes [2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Media Center Programs [2011.03.04 20:47:07 | 000,000,000 | --SD | M] -- C:\Users\helmut\AppData\Roaming\Microsoft [2008.11.09 
22:03:28 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Mozilla [2009.10.18 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\OpenOffice.org [2008.10.18 13:03:06 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Opera [2009.12.30 20:38:47 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Real [2011.04.03 22:40:40 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Skype [2011.04.03 21:14:37 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\skypePM [2010.04.17 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\StreamTorrent [2011.02.27 18:02:22 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Swiss Academic Software [2008.10.18 12:35:27 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Symantec [2008.10.18 12:49:24 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Template [2008.11.09 22:02:34 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Thunderbird [2010.07.04 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\Tobit [2008.10.26 20:58:38 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\WinBatch [2010.04.28 20:02:49 | 000,000,000 | ---D | M] -- C:\Users\helmut\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.12.31 15:20:25 | 000,010,134 | R--- | M] () -- C:\Users\helmut\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe [2009.06.05 07:59:33 | 000,000,318 | R--- | M] () -- C:\Users\helmut\AppData\Roaming\Microsoft\Installer\{627C5AC0-772C-4661-B696-42E04AEB1872}\ARPPRODUCTICON.exe [2009.06.05 07:59:33 | 000,065,536 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\helmut\AppData\Roaming\Microsoft\Installer\{627C5AC0-772C-4661-B696-42E04AEB1872}\NewShortcut1_627C5AC0772C4661B69642E04AEB1868.exe [2009.07.27 22:44:21 | 000,010,134 | R--- | M] () -- C:\Users\helmut\AppData\Roaming\Microsoft\Installer\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}\ARPPRODUCTICON.exe [2010.02.23 21:25:59 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\helmut\AppData\Roaming\Real\Update\setup3.09\setup.exe [2010.04.17 13:35:43 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\helmut\AppData\Roaming\Real\Update\setup3.10\setup.exe [2010.09.08 22:27:21 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Users\helmut\AppData\Roaming\Real\Update\setup3.12\setup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys [2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] 
(Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2008.06.02 19:49:48 | 000,305,688 | ---- | M] (Intel Corporation) MD5=25C3D5F66A74A7BDDECA56085F040D2E -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2008.06.02 19:50:10 | 000,382,488 | ---- | M] (Intel Corporation) MD5=3C4CD264B04D79A43A0F124C067BA08E -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys [2008.12.04 21:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Windows\SysNative\drivers\iaStor.sys [2007.07.12 18:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\hp\DRIVERS\Intel_RAID\iastor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 04:51:03 | 
000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- 
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
10.05.2011, 21:41 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/ClassLoader.AB Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [KBD] File not found
O4 - HKCU..\Run: [WMPNSCFG] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ff254215-47a3-11dd-a4da-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ff254215-47a3-11dd-a4da-806e6f6e6963}\Shell\AutoRun\command - "" = E:\cdstart.exe
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
11.05.2011, 06:07 | #9 |
| JAVA/ClassLoader.AB
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KBD deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff254215-47a3-11dd-a4da-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff254215-47a3-11dd-a4da-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff254215-47a3-11dd-a4da-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff254215-47a3-11dd-a4da-806e6f6e6963}\ not found.
File E:\cdstart.exe not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: helmi
->Temp folder emptied: 1320520566 bytes
->Temporary Internet Files folder emptied: 992443444 bytes
->Java cache emptied: 209730085 bytes
->FireFox cache emptied: 438419452 bytes
->Google Chrome cache emptied: 27579247 bytes
->Flash cache emptied: 80440 bytes

User: helmut
->Temp folder emptied: 309492639 bytes
->Temporary Internet Files folder emptied: 76133334 bytes
->Java cache emptied: 25802404 bytes
->FireFox cache emptied: 79576543 bytes
->Google Chrome cache emptied: 6371889 bytes
->Opera cache emptied: 338230 bytes
->Flash cache emptied: 1889 bytes

User: kremi
->Temp folder emptied: 1305815147 bytes
->Temporary Internet Files folder emptied: 14190797 bytes
->Java cache emptied: 50641919 bytes
->FireFox cache emptied: 53663540 bytes
->Flash cache emptied: 8292 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 197374546 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49554 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.872,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05112011_065225

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot... |
11.05.2011, 09:20 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/ClassLoader.AB Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your Documents/My Documents, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
11.05.2011, 21:33 | #11 |
| JAVA/ClassLoader.AB no findings Log: 2011/05/11 22:29:14.0350 2000 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16 2011/05/11 22:29:14.0615 2000 ================================================================================ 2011/05/11 22:29:14.0615 2000 SystemInfo: 2011/05/11 22:29:14.0615 2000 2011/05/11 22:29:14.0615 2000 OS Version: 6.0.6002 ServicePack: 2.0 2011/05/11 22:29:14.0615 2000 Product type: Workstation 2011/05/11 22:29:14.0615 2000 ComputerName: HW4-PC 2011/05/11 22:29:14.0615 2000 UserName: helmut 2011/05/11 22:29:14.0615 2000 Windows directory: C:\Windows 2011/05/11 22:29:14.0615 2000 System windows directory: C:\Windows 2011/05/11 22:29:14.0615 2000 Running under WOW64 2011/05/11 22:29:14.0615 2000 Processor architecture: Intel x64 2011/05/11 22:29:14.0615 2000 Number of processors: 4 2011/05/11 22:29:14.0615 2000 Page size: 0x1000 2011/05/11 22:29:14.0615 2000 Boot type: Normal boot 2011/05/11 22:29:14.0615 2000 ================================================================================ 2011/05/11 22:29:14.0911 2000 Initialize success 2011/05/11 22:29:19.0357 2168 ================================================================================ 2011/05/11 22:29:19.0357 2168 Scan started 2011/05/11 22:29:19.0357 2168 Mode: Manual; 2011/05/11 22:29:19.0357 2168 ================================================================================ 2011/05/11 22:29:30.0667 2168 ================================================================================ 2011/05/11 22:29:30.0667 2168 Scan finished 2011/05/11 22:29:30.0667 2168 ================================================================================ |
11.05.2011, 21:37 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/ClassLoader.AB Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
11.05.2011, 22:13 | #13 |
| JAVA/ClassLoader.AB Combofix Logfile: Code:
ComboFix 11-05-11.01 - helmut 11.05.2011 22:50:09.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.2532 [GMT 2:00] ausgeführt von:: c:\users\helmi\Documents\Notes\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\helmut\setup_dm_Fotowelt.exe c:\windows\SysWow64\jusched.exe c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-11 bis 2011-05-11 )))))))))))))))))))))))))))))) . . 2011-05-11 04:52 . 2011-05-11 04:52 -------- d-----w- C:\_OTL 2011-05-10 20:19 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D15BE83-3EFA-48BB-8F67-B8E8BA7F2BFD}\mpengine.dll 2011-05-09 18:18 . 2011-05-09 18:18 -------- d-----w- c:\users\helmi\AppData\Roaming\Malwarebytes 2011-05-08 08:30 . 2011-05-08 08:30 -------- d-----w- c:\users\helmut\AppData\Roaming\Malwarebytes 2011-05-08 08:30 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-08 08:30 . 2011-05-08 08:30 -------- d-----w- c:\programdata\Malwarebytes 2011-05-08 08:30 . 2011-05-08 08:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-05-08 08:30 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-27 05:41 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-27 05:41 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2011-04-27 05:40 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-27 05:40 . 
2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll 2011-04-27 05:40 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll 2011-04-27 05:40 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-25 16:53 . 2011-04-25 16:53 -------- d-----w- c:\program files\iPod 2011-04-25 16:53 . 2011-04-25 16:53 -------- d-----w- c:\program files\iTunes 2011-04-25 16:53 . 2011-04-25 16:53 -------- d-----w- c:\program files (x86)\iTunes 2011-04-14 05:55 . 2011-02-18 14:18 450560 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-14 05:55 . 2011-02-18 14:17 176128 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-14 05:55 . 2011-02-18 14:17 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-14 05:55 . 2011-02-17 07:21 613376 ----a-w- c:\windows\system32\vbscript.dll 2011-04-14 05:55 . 2011-02-17 06:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe 2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-04-03 18:27 . 2010-06-03 17:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-03-03 15:59 . 2011-04-27 05:40 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2011-03-03 15:59 . 2011-04-27 05:40 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2011-03-03 15:59 . 2011-04-27 05:40 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2011-03-03 15:40 . 2011-04-27 05:40 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40 . 2011-04-27 05:40 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40 . 
2011-04-27 05:40 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40 . 2011-04-27 05:40 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-02-22 14:47 . 2011-03-23 18:44 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 14:13 . 2011-03-23 18:44 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-02-22 13:53 . 2011-03-23 18:44 1555968 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:53 . 2011-03-23 18:44 1149440 ----a-w- c:\windows\system32\FntCache.dll 2011-02-22 13:33 . 2011-03-23 18:44 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2008-10-26 185872] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-02 281768] "LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-09-11 339240] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "DivXUpdate"="c:\program files (x86)\DivX\DivX 
Update\DivXUpdate.exe" [2011-03-21 1230704] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160] . c:\users\kremi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PMB Medien-Prfung.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-31 333088] . c:\users\helmi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Mozilla Firefox.lnk - c:\program files (x86)\Mozilla Firefox\firefox.exe [2011-4-25 924632] Mozilla Thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2008-10-18 12746928] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate1c9a49cd18bbbcc;Google Update Service (gupdate1c9a49cd18bbbcc);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-14 133104] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-14 133104] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000] S2 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [2011-02-07 3576152] S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Inhalt des "geplante Tasks" Ordners . 
2011-05-11 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-02 11:28] . 2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-14 12:02] . 2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-14 12:02] . 2011-05-11 c:\windows\Tasks\User_Feed_Synchronization-{232B76FC-31EF-4CEC-AC5D-DFBC964DF57C}.job - c:\windows\system32\msfeedssync.exe [2011-04-14 04:43] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: In 1&&1 SoftPhone wählen - c:\programdata\1&1\1&1 SoftPhone\ContextMenuHandler.html FF - ProfilePath - c:\users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\opyg3rm3.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-05-11 23:11:19 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-05-11 21:11 . Vor Suchlauf: 13 Verzeichnis(se), 312.989.130.752 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 312.900.980.736 Bytes frei . - - End Of File - - 1300123728742FEE45C7C5F8582B7F17 |
11.05.2011, 22:22 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/ClassLoader.AB Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool still won't run on the second try, just skip it. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
12.05.2011, 05:18 | #15 |
| JAVA/ClassLoader.AB No findings from either. MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 64-bit Base Board Manufacturer: PEGATRON CORPORATION BIOS Manufacturer: American Megatrends Inc. System Manufacturer: HP-Pavilion System Product Name: FR456AA-ABD a6529.de Logical Drives Mask: 0x000003dc Kernel Drivers (total 135): Processes (total 73): \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000092`1fb39a00 (NTFS) PhysicalDrive0 Model Number: WDCWD6400AAKS-65A7B0, Rev: 01.03B01 Size Device Name MBR Status -------------------------------------------- 596 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected SHA1: F362CE084BC77B454330005C1657154A64FB9456 Done! |