Trojaner-Board - Problem mit ESET Online scanner bei Fund einer Variante von Win32 SpyZBot ZR Trojaner

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Problem mit ESET Online scanner bei Fund einer Variante von Win32 SpyZBot ZR Trojaner (https://www.trojaner-board.de/104412-problem-eset-online-scanner-fund-variante-win32-spyzbot-zr-trojaner.html)

Problem mit ESET Online scanner bei Fund einer Variante von Win32 SpyZBot ZR Trojaner

Hallo liebe Forumsgemeinde,

erstmal möcht ich mich vorstellen , ich bin Simon bin das erste mal hier

Und vorerstmal hoffe ich, dass dies auch das richtige Unterforum ist, da ich ja sowohl ein Problem mit dem Scanner, als auch mit Befall habe..

Ich habe ein problem mit dem ESET Online Scanner.
Mein PC hat im Arbeitsspeicher einen WIn 32 SpyZBot ZR Trojaner gefunden. Nun habe ich den ESET scanner eingesetzt ( in den Feldern ''Automatisches Deinstallieren der Schädlinge'' und ''Archive durchsuchen'' waren bei beiden die Häkchen drin).

Jetzt müsste der Bildschirm nach dem Fund, ja theoretisch so aussehn :

http://www.trojaner-board.de/attachm...er-nod32-5.png

Das Problem ist, dass das unter dem Schriftfeld : '' Wählen sie Deinstallieren , wenn sie alle Dateien von ESET Online Scanner von ihrem Computer entfernen möchten. Wenn sie ESET Online Scanner das nächste mal online ausführen, müssen Sie sie wieder herunterladen '' NICHTS ist... blankes Weiß..nur noch rechts unten '' Fertig stellen'' sodass mir die Reinigung im Prinzip verweigert wird.

Ich danke schonmal im Vorraus für die Hilfe

Okay ich habe jetzt erstmal folgendes gemacht:

Malware Bytes ( nichts gefunden )

Log :

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7988

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.10.2011 13:49:31
mbam-log-2011-10-23 (13-49-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 293729
Laufzeit: 1 Stunde(n), 7 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
______________________________________________________________________________________________________________

Antivir:

hat 2 Dateien gefunden ( wurden in Quarantäne verschoben)

Log :

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 23. Oktober 2011 13:58

Es wird nach 3421795 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows XP
Windowsversion : (Service Pack 3) [5.1.2600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : SIMON-14D0750F1

Versionsinformationen:
BUILD.DAT : 12.0.0.855 41827 Bytes 12.10.2011 16:36:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 11.10.2011 12:59:38
AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47
AVSCPLR.DLL : 12.1.0.19 99536 Bytes 11.10.2011 12:59:38
AVREG.DLL : 12.1.0.20 227024 Bytes 11.10.2011 12:59:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 15:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 10:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 12:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 07:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 12:59:54
VBASE008.VDF : 7.11.15.107 2048 Bytes 05.10.2011 12:59:54
VBASE009.VDF : 7.11.15.108 2048 Bytes 05.10.2011 12:59:54
VBASE010.VDF : 7.11.15.109 2048 Bytes 05.10.2011 12:59:54
VBASE011.VDF : 7.11.15.110 2048 Bytes 05.10.2011 12:59:54
VBASE012.VDF : 7.11.15.111 2048 Bytes 05.10.2011 12:59:54
VBASE013.VDF : 7.11.15.144 161792 Bytes 07.10.2011 12:59:54
VBASE014.VDF : 7.11.15.177 130048 Bytes 10.10.2011 12:59:54
VBASE015.VDF : 7.11.15.213 113664 Bytes 11.10.2011 13:35:57
VBASE016.VDF : 7.11.16.1 163328 Bytes 14.10.2011 20:34:20
VBASE017.VDF : 7.11.16.34 187904 Bytes 18.10.2011 21:28:16
VBASE018.VDF : 7.11.16.77 139264 Bytes 20.10.2011 08:52:18
VBASE019.VDF : 7.11.16.78 2048 Bytes 20.10.2011 08:52:18
VBASE020.VDF : 7.11.16.79 2048 Bytes 20.10.2011 08:52:18
VBASE021.VDF : 7.11.16.80 2048 Bytes 20.10.2011 08:52:18
VBASE022.VDF : 7.11.16.81 2048 Bytes 20.10.2011 08:52:18
VBASE023.VDF : 7.11.16.82 2048 Bytes 20.10.2011 08:52:19
VBASE024.VDF : 7.11.16.83 2048 Bytes 20.10.2011 08:52:19
VBASE025.VDF : 7.11.16.84 2048 Bytes 20.10.2011 08:52:19
VBASE026.VDF : 7.11.16.85 2048 Bytes 20.10.2011 08:52:19
VBASE027.VDF : 7.11.16.86 2048 Bytes 20.10.2011 08:52:19
VBASE028.VDF : 7.11.16.87 2048 Bytes 20.10.2011 08:52:19
VBASE029.VDF : 7.11.16.88 2048 Bytes 20.10.2011 08:52:19
VBASE030.VDF : 7.11.16.89 2048 Bytes 20.10.2011 08:52:20
VBASE031.VDF : 7.11.16.106 86016 Bytes 21.10.2011 08:52:01
Engineversion : 8.2.6.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 01.09.2011 21:46:02
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 11.10.2011 12:59:35
AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02
AESBX.DLL : 8.2.1.34 323957 Bytes 01.09.2011 21:46:02
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.10.11 684408 Bytes 22.09.2011 14:18:45
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 15.09.2011 23:17:25
AEHEUR.DLL : 8.1.2.180 3748217 Bytes 12.10.2011 11:41:59
AEHELP.DLL : 8.1.17.7 254327 Bytes 01.09.2011 21:46:01
AEGEN.DLL : 8.1.5.9 401780 Bytes 01.09.2011 21:46:01
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.23.0 196983 Bytes 01.09.2011 21:46:01
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.17 223184 Bytes 11.10.2011 12:59:36
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: c:\programme\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Sonntag, 23. Oktober 2011 13:58

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-1454471165-2000478354-725345543-1003\Software\SecuROM\License information\datasecu
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-1454471165-2000478354-725345543-1003\Software\SecuROM\License information\rkeysecu
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'rsmsink.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'msdtc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiapsrv.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVComSer.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'wscntfy.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrcSrv.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVComSer.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemon.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Communications_Helper.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vsnpstd3.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'tsnpstd3.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2750' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\System Volume Information\_restore{104CED89-B2A6-4229-BE7C-30F3762A2E14}\RP406\A0099553.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen5
C:\System Volume Information\_restore{104CED89-B2A6-4229-BE7C-30F3762A2E14}\RP423\A0100941.exe
[FUND] Ist das Trojanische Pferd TR/Spy.ZBot.WX

Beginne mit der Desinfektion:
C:\System Volume Information\_restore{104CED89-B2A6-4229-BE7C-30F3762A2E14}\RP423\A0100941.exe
[FUND] Ist das Trojanische Pferd TR/Spy.ZBot.WX
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c3bbe33.qua' verschoben!
C:\System Volume Information\_restore{104CED89-B2A6-4229-BE7C-30F3762A2E14}\RP406\A0099553.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen5
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54ad9194.qua' verschoben!

Ende des Suchlaufs: Sonntag, 23. Oktober 2011 15:44
Benötigte Zeit: 1:45:40 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

29979 Verzeichnisse wurden überprüft
409331 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
409329 Dateien ohne Befall
6022 Archive wurden durchsucht
0 Warnungen
4 Hinweise
407833 Objekte wurden beim Rootkitscan durchsucht
2 Versteckte Objekte wurden gefunden

______________________________________________________________________________________________________________

Der Eset Scanner meldet allerdings weiterhin den Befall des Win32 SpyZBot ZR Trojaners.

Der Zbot Killer von Kasprsky brachte kein ergebnis :

Infected Files : 0
Infected Threads : 0
Unhooked Functions : 164
Deleted Files : 0
Fixed registry Files :0

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Zitat:

Jetzt müsste der Bildschirm nach dem Fund, ja theoretisch so aussehn :

Der Link zum Bild ist kaputt.

Hi :)

komisch, also wenn ich bei google bildersuche eset online scanner eingebe kommt das bild von hier.

http://www.trojaner-board.de/80603-e...ner-nod32.html

unterstes

MWB logs gibt es seit dem problem keine...die, die ich von davor habe sind entweder ebenfalls ohne befund , oder hingen ( falls sie denn was hatten) mit einem ganz anderen problem zusammen..trotzdem posten?

und schonmal :dankeschoen: dafür, dass du dich des themas angenommen hast

Versuch ESET bitte nochmal so:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hier bitte! ;)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-22 10:10:00
# local_time=2011-10-23 12:10:00 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 604483 604483 0 0
# compatibility_mode=8192 67108863 100 0 124 124 0 0
# scanned=158426
# found=1
# cleaned=0
# scan_time=6160
${Memory} a variant of Win32/Spy.Zbot.ZR trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-23 12:04:22
# local_time=2011-10-23 02:04:22 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 611008 611008 0 0
# compatibility_mode=8192 67108863 100 0 6649 6649 0 0
# scanned=158432
# found=1
# cleaned=0
# scan_time=6493
${Memory} Variante von Win32/Spy.Zbot.ZR Trojaner 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-23 12:35:57
# local_time=2011-10-23 02:35:57 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 619356 619356 0 0
# compatibility_mode=8192 67108863 100 0 14997 14997 0 0
# scanned=1
# found=1
# cleaned=0
# scan_time=40
${Memory} Variante von Win32/Spy.Zbot.ZR Trojaner 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-23 12:48:09
# local_time=2011-10-23 02:48:09 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 620040 620040 0 0
# compatibility_mode=8192 67108863 100 0 15681 15681 0 0
# scanned=1
# found=1
# cleaned=0
# scan_time=88
${Memory} Variante von Win32/Spy.Zbot.ZR Trojaner 00000000000000000000000000000000 I
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-23 01:51:07
# local_time=2011-10-23 03:51:07 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 667061 667061 0 0
# compatibility_mode=8192 67108863 100 0 62702 62702 0 0
# scanned=1
# found=1
# cleaned=0
# scan_time=45
${Memory} Variante von Win32/Spy.Zbot.ZR Trojaner 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=92601776bbb5294bb7852c636cb5c2ab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-24 08:00:57
# local_time=2011-10-24 10:00:57 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 775632 775632 0 0
# compatibility_mode=8192 67108863 100 0 171273 171273 0 0
# scanned=1
# found=1
# cleaned=0
# scan_time=65
${Memory} Variante von Win32/Spy.Zbot.ZR Trojaner 00000000000000000000000000000000 I

Angeblich ist der im Arbeitsspeicher.

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier der Inhalt der OTL.log Textdatei:

OTL Logfile:

Code:

OTL logfile created on: 25.10.2011 11:05:41 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014,98 Mb Total Physical Memory | 647,73 Mb Available Physical Memory | 63,82% Memory free

2,39 Gb Paging File | 2,03 Gb Available in Paging File | 85,20% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 74,52 Gb Total Space | 50,33 Gb Free Space | 67,54% Space Free | Partition Type: NTFS

Drive E: | 6,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: SIMON-14D0750F1 | User Name: Simon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.10.25 11:05:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads\OTL.exe

PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.01.05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2008.09.22 15:44:28 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2008.09.22 15:42:24 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2008.09.22 15:41:50 | 000,564,496 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.09.14 22:09:07 | 000,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Programme\DAEMON Tools\daemon.exe

PRC - [2006.08.21 14:35:10 | 000,114,688 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe

PRC - [2006.05.10 09:20:52 | 000,344,064 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.10.11 14:59:51 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2010.11.17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll

MOD - [2009.04.27 23:49:26 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll

MOD - [2008.09.22 15:42:46 | 000,068,120 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVCSPS.dll

MOD - [2008.09.22 15:41:50 | 000,564,496 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe

MOD - [2006.08.21 14:35:10 | 000,114,688 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe

MOD - [2006.07.14 07:34:00 | 000,007,680 | ---- | M] () -- C:\Programme\DAEMON Tools\Plugins\Images\bw5mount.dll

MOD - [2006.05.10 09:20:52 | 000,344,064 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.01.05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)

SRV - [2008.09.22 15:44:28 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008.09.22 15:42:24 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.11.23 16:52:02 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008.09.22 15:43:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2008.05.20 20:59:10 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2008.05.20 20:59:00 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)

DRV - [2008.05.20 20:58:48 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2008.05.20 20:58:02 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2006.02.06 20:19:54 | 008,410,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)

DRV - [2005.10.13 15:46:08 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)

DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.3

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="

FF - prefs.js..network.proxy.ftp: "        84.72.71.238"

FF - prefs.js..network.proxy.ftp_port: 80

FF - prefs.js..network.proxy.gopher: "        84.72.71.238"

FF - prefs.js..network.proxy.gopher_port: 80

FF - prefs.js..network.proxy.http: "184.106.213.192"

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.socks: "        84.72.71.238"

FF - prefs.js..network.proxy.socks_port: 80

FF - prefs.js..network.proxy.ssl: "        84.72.71.238"

FF - prefs.js..network.proxy.ssl_port: 80

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.03 08:35:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.04 19:54:00 | 000,000,000 | ---D | M]

 

[2009.06.09 23:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Extensions

[2011.10.01 16:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions

[2011.09.24 21:01:58 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2011.09.29 19:21:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)

[2011.08.31 18:13:16 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}

[2010.06.26 23:36:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2011.08.31 18:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions

[2011.08.31 18:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI

[2011.10.21 17:41:59 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-1.xml

[2011.06.22 21:58:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-10.xml

[2011.08.24 12:50:07 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-11.xml

[2011.08.31 18:13:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-12.xml

[2011.09.01 10:40:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-13.xml

[2011.09.07 19:54:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-14.xml

[2011.09.29 17:38:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-15.xml

[2010.10.29 16:03:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-2.xml

[2010.12.11 15:08:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-3.xml

[2011.03.03 23:41:31 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-4.xml

[2011.03.06 10:43:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-5.xml

[2011.03.24 09:34:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-6.xml

[2011.05.01 01:36:09 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-7.xml

[2011.06.04 19:55:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-8.xml

[2011.06.22 16:00:15 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-9.xml

[2010.07.23 12:16:59 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin.xml

[2011.10.20 22:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.10.20 22:46:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010.05.06 07:10:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SIMON\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\MEZZ9NJM.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI

() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SIMON\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\MEZZ9NJM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SIMON\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\MEZZ9NJM.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI

[2009.06.28 03:02:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011.10.03 08:35:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2011.10.03 08:35:22 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.03 08:35:22 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011.10.03 08:35:22 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.10.03 08:35:22 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.03 08:35:22 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.03 08:35:22 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe File not found

O4 - HKLM..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()

O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" File not found

O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()

O4 - HKCU..\Run: [giva.exe] C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy\giva.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274021090312 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274021082750 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{293D4BF7-24FC-4BF8-BF9C-B28219D622E8}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.09 20:47:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: vsmon - Service

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA844-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\CChat25.inf,PerUserAdd.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.10.23 13:54:56 | 000,108,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Simon\Desktop\ZBotKiller.exe

[2011.10.22 22:25:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2011.10.20 22:46:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype

[2011.10.20 21:54:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Temp

[2011.10.20 21:54:41 | 000,000,000 | ---D | C] -- C:\Programme\Freeware.de

[2011.10.20 21:54:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Conduit

[2011.10.20 21:54:37 | 000,000,000 | ---D | C] -- C:\cannonhill

[2011.10.18 23:43:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\NFS Underground 2

[2011.10.18 23:43:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DirectX

[2011.10.18 23:35:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Desktop\Need4speed Underground 2

[2011.10.17 12:06:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\TCM 2005

[2011.10.15 22:33:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Avira

[2011.10.15 22:33:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira

[2011.10.15 22:32:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2011.10.15 22:32:46 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011.10.15 22:32:46 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011.10.15 22:32:46 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys

[2011.10.15 22:32:41 | 000,000,000 | ---D | C] -- C:\Programme\Avira

[2011.10.15 22:32:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira

[2011.10.09 13:21:39 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Eigene Musik

[2011.10.04 22:31:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\ICQ

[2011.10.01 23:17:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads

[2011.09.29 20:04:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DeepBurner

[2011.09.29 20:04:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DeepBurner

[2011.09.29 20:04:26 | 000,000,000 | ---D | C] -- C:\Programme\Astonsoft

[2011.09.29 18:28:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Simon\Desktop\Music

[2009.07.05 22:37:52 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll

[2009.07.05 22:37:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll

[2009.07.05 22:37:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.10.25 08:25:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.10.25 08:24:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.10.25 08:24:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2011.10.25 08:24:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[2011.10.23 02:53:04 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.10.18 23:34:10 | 000,060,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.18 14:18:56 | 000,450,175 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\tasche.jpg

[2011.10.17 11:53:04 | 000,281,865 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild002.jpg

[2011.10.16 16:28:33 | 000,086,374 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Unbenannt.bmp

[2011.10.15 22:33:06 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk

[2011.10.11 19:35:10 | 000,445,795 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild003.jpg

[2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys

[2011.09.29 23:45:22 | 000,003,268 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011.09.29 20:04:28 | 000,000,726 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Desktop\DeepBurner.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.10.18 15:21:35 | 000,450,175 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\tasche.jpg

[2011.10.18 00:25:26 | 000,317,847 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Desktop\02.jpg

[2011.10.18 00:25:26 | 000,287,214 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Desktop\01.jpg

[2011.10.17 12:54:43 | 000,445,795 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild003.jpg

[2011.10.17 12:54:43 | 000,387,116 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild004.jpg

[2011.10.17 12:54:42 | 000,364,859 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild001.jpg

[2011.10.17 12:54:42 | 000,281,865 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild002.jpg

[2011.10.17 12:54:41 | 000,299,219 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Bild000.jpg

[2011.10.16 16:28:33 | 000,086,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Unbenannt.bmp

[2011.10.15 22:33:06 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk

[2011.09.29 20:04:28 | 000,000,726 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Desktop\DeepBurner.lnk

[2011.08.11 13:31:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI

[2011.08.10 16:25:11 | 000,183,040 | ---- | C] () -- C:\WINDOWS\PI.EXE

[2011.07.12 15:37:48 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe

[2011.04.20 11:47:43 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Loewe_4.ini

[2010.12.25 23:33:45 | 000,000,329 | ---- | C] () -- C:\WINDOWS\cncscore.ini

[2010.12.06 23:58:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll

[2010.05.09 15:01:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2010.05.09 15:01:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2010.05.09 15:01:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2010.05.09 14:59:43 | 000,000,035 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2010.02.21 20:55:35 | 000,507,904 | ---- | C] () -- C:\WINDOWS\Silent Hunter II remove.exe

[2010.02.21 20:42:36 | 000,000,526 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2009.11.08 15:39:25 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009.10.10 21:50:29 | 000,068,960 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009.10.10 00:51:53 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[2009.10.10 00:38:32 | 000,003,268 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009.10.09 23:44:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009.08.26 19:38:22 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.07.05 22:37:54 | 000,344,064 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe

[2009.07.05 22:37:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe

[2009.07.05 22:37:53 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini

[2009.07.05 22:37:52 | 008,410,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd3.sys

[2009.07.05 22:37:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd3.exe

[2009.06.20 09:56:36 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2009.06.14 15:23:58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009.06.09 23:11:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009.06.09 21:51:21 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2009.06.09 21:26:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009.06.09 21:25:50 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009.06.09 21:11:26 | 000,060,416 | ---- | C] () -- C:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.06.09 20:49:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009.06.09 20:44:18 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008.09.22 15:43:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2004.08.04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004.08.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004.08.04 14:00:00 | 000,405,448 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2004.08.04 14:00:00 | 000,392,432 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004.08.04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004.08.04 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2004.08.04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004.08.04 14:00:00 | 000,070,778 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2004.08.04 14:00:00 | 000,058,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004.08.04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004.08.04 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2004.08.04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004.08.04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004.08.04 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004.08.04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004.08.04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003.02.03 05:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2010.11.23 16:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2010.11.23 17:00:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro

[2010.07.16 01:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

[2011.01.27 22:25:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations

[2009.06.09 21:51:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier

[2011.01.27 22:29:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia

[2011.01.27 22:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite

[2010.12.30 11:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoShow

[2010.12.30 11:46:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoShow Shared Assets

[2011.01.29 19:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010.11.23 16:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DAEMON Tools Lite

[2010.11.23 17:00:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DAEMON Tools Pro

[2011.09.29 20:10:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DeepBurner

[2009.06.14 19:11:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\FileZilla

[2011.10.25 08:39:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\ICQ

[2011.10.23 02:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien

[2009.10.14 14:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\OpenOffice.org

[2011.01.27 22:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\PC Suite

[2010.11.29 00:36:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Red Alert 3

[2011.01.29 20:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\SharePod

[2010.12.30 11:46:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Simple Star

[2011.08.28 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\TS3Client

[2010.12.20 22:16:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\VSO

[2010.01.19 23:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\WAtomic

[2011.09.21 12:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy

[2011.10.24 00:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Zenay

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.06.16 22:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Adobe

[2011.01.29 19:50:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Apple Computer

[2011.10.15 22:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Avira

[2009.07.05 19:54:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\CyberLink

[2010.11.23 16:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DAEMON Tools Lite

[2010.11.23 17:00:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DAEMON Tools Pro

[2011.09.29 20:10:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\DeepBurner

[2011.04.17 11:59:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\dvdcss

[2009.06.14 19:11:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\FileZilla

[2011.08.25 01:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Help

[2011.10.25 08:39:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\ICQ

[2009.06.09 20:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Identities

[2010.05.07 19:25:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\InstallShield

[2009.06.09 22:00:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Macromedia

[2010.12.25 20:31:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Malwarebytes

[2011.10.23 02:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien

[2010.12.25 20:21:10 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Microsoft

[2009.06.09 23:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla

[2009.10.14 14:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\OpenOffice.org

[2011.01.27 22:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\PC Suite

[2009.06.14 16:03:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Real

[2010.11.29 00:36:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Red Alert 3

[2010.12.30 11:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Roxio

[2009.09.21 10:04:25 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\SecuROM

[2011.01.29 20:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\SharePod

[2010.12.30 11:46:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Simple Star

[2011.10.23 21:44:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Skype

[2011.10.20 22:45:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\skypePM

[2009.06.28 03:02:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Sun

[2011.08.28 22:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\TS3Client

[2011.10.07 23:59:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\vlc

[2010.12.20 22:16:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\VSO

[2010.01.19 23:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\WAtomic

[2009.11.12 23:13:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\WinRAR

[2011.09.21 12:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy

[2011.10.24 00:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Zenay

 
 < %APPDATA%\*.exe /s >

[2010.07.29 14:14:43 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

[2010.07.29 14:14:43 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

[2010.07.29 14:14:43 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

[2010.03.29 08:53:22 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

[2010.10.22 00:51:28 | 000,175,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy\giva.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

 

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2009.06.09 22:04:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2009.06.09 22:04:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2009.06.09 22:04:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2009.06.09 22:04:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

[2010.11.23 16:52:02 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

 
 < %systemroot%\System32\config\*.sav >

[2009.06.09 22:25:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2009.06.09 22:25:23 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2009.06.09 22:25:23 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2736476

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="

FF - prefs.js..network.proxy.ftp: "        84.72.71.238"

FF - prefs.js..network.proxy.ftp_port: 80

FF - prefs.js..network.proxy.gopher: "        84.72.71.238"

FF - prefs.js..network.proxy.gopher_port: 80

FF - prefs.js..network.proxy.http: "184.106.213.192"

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.socks: "        84.72.71.238"

FF - prefs.js..network.proxy.socks_port: 80

FF - prefs.js..network.proxy.ssl: "        84.72.71.238"

FF - prefs.js..network.proxy.ssl_port: 80

[2011.09.29 19:21:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)

[2011.08.31 18:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions

[2011.08.31 18:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI

[2011.10.21 17:41:59 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-1.xml

[2011.06.22 21:58:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-10.xml

[2011.08.24 12:50:07 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-11.xml

[2011.08.31 18:13:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-12.xml

[2011.09.01 10:40:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-13.xml

[2011.09.07 19:54:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-14.xml

[2011.09.29 17:38:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-15.xml

[2010.10.29 16:03:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-2.xml

[2010.12.11 15:08:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-3.xml

[2011.03.03 23:41:31 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-4.xml

[2011.03.06 10:43:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-5.xml

[2011.03.24 09:34:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-6.xml

[2011.05.01 01:36:09 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-7.xml

[2011.06.04 19:55:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-8.xml

[2011.06.22 16:00:15 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-9.xml

[2010.07.23 12:16:59 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin.xml

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe File not found

O4 - HKCU..\Run: [giva.exe] C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy\giva.exe ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.09 20:47:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

[2011.09.21 12:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy

[2011.10.24 00:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Zenay

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hier das Log:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from keyword.URL
Prefs.js: " 84.72.71.238" removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: " 84.72.71.238" removed from network.proxy.gopher
Prefs.js: 80 removed from network.proxy.gopher_port
Prefs.js: "184.106.213.192" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: " 84.72.71.238" removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: " 84.72.71.238" removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\search_engine(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\META-INF(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\defaults(2)\preferences(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\defaults(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\components(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\skin(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\tr(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\sk(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\ru(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\it(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\he(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\fr(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\es(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\en-US(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\de(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\cs(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2)\bg(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\locale(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\content(2)\img(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2)\content(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)\chrome(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2) folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions folder moved successfully.
Folder C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI\ not found.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CameraFixer deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\giva.exe deleted successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy\giva.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Ycigy folder moved successfully.
C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Zenay folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 194364 bytes

User: Simon
->Temp folder emptied: 1109614999 bytes
->Temporary Internet Files folder emptied: 14635328 bytes
->Java cache emptied: 59692065 bytes
->FireFox cache emptied: 1172803213 bytes
->Flash cache emptied: 190612 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1923205 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.252,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10252011_134030

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Tante Edith sagt: ESET findet nichts mehr und es wird mir das erste mal nach dem Scan '' Anwendung nach dem Schließen deinstallieren'' angezeigt! :Boogie:

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hier das Log:

16:32:37.0500 1932 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
16:32:37.0609 1932 ============================================================
16:32:37.0609 1932 Current date / time: 2011/10/25 16:32:37.0609
16:32:37.0609 1932 SystemInfo:
16:32:37.0609 1932
16:32:37.0609 1932 OS Version: 5.1.2600 ServicePack: 3.0
16:32:37.0609 1932 Product type: Workstation
16:32:37.0609 1932 ComputerName: SIMON-14D0750F1
16:32:37.0609 1932 UserName: Simon
16:32:37.0609 1932 Windows directory: C:\WINDOWS
16:32:37.0609 1932 System windows directory: C:\WINDOWS
16:32:37.0609 1932 Processor architecture: Intel x86
16:32:37.0609 1932 Number of processors: 1
16:32:37.0609 1932 Page size: 0x1000
16:32:37.0609 1932 Boot type: Normal boot
16:32:37.0609 1932 ============================================================
16:32:38.0750 1932 Initialize success
16:33:21.0062 1232 ============================================================
16:33:21.0062 1232 Scan started
16:33:21.0062 1232 Mode: Manual; SigCheck; TDLFS;
16:33:21.0062 1232 ============================================================
16:33:21.0296 1232 Abiosdsk - ok
16:33:21.0312 1232 abp480n5 - ok
16:33:21.0375 1232 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:33:22.0046 1232 ACPI ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0046 1232 ACPI - detected UnsignedFile.Multi.Generic (1)
16:33:22.0140 1232 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:33:22.0156 1232 ACPIEC ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0156 1232 ACPIEC - detected UnsignedFile.Multi.Generic (1)
16:33:22.0187 1232 adpu160m - ok
16:33:22.0281 1232 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
16:33:22.0296 1232 aeaudio ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0296 1232 aeaudio - detected UnsignedFile.Multi.Generic (1)
16:33:22.0328 1232 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:33:22.0343 1232 aec ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0343 1232 aec - detected UnsignedFile.Multi.Generic (1)
16:33:22.0437 1232 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
16:33:22.0468 1232 AFD ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0468 1232 AFD - detected UnsignedFile.Multi.Generic (1)
16:33:22.0515 1232 Aha154x - ok
16:33:22.0562 1232 aic78u2 - ok
16:33:22.0609 1232 aic78xx - ok
16:33:22.0656 1232 AliIde - ok
16:33:22.0687 1232 amsint - ok
16:33:22.0718 1232 asc - ok
16:33:22.0734 1232 asc3350p - ok
16:33:22.0750 1232 asc3550 - ok
16:33:22.0796 1232 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:33:22.0812 1232 AsyncMac ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0812 1232 AsyncMac - detected UnsignedFile.Multi.Generic (1)
16:33:22.0890 1232 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:33:22.0906 1232 atapi ( UnsignedFile.Multi.Generic ) - warning
16:33:22.0906 1232 atapi - detected UnsignedFile.Multi.Generic (1)
16:33:22.0968 1232 Atdisk - ok
16:33:23.0031 1232 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:33:23.0046 1232 Atmarpc ( UnsignedFile.Multi.Generic ) - warning
16:33:23.0046 1232 Atmarpc - detected UnsignedFile.Multi.Generic (1)
16:33:23.0156 1232 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:33:23.0156 1232 audstub ( UnsignedFile.Multi.Generic ) - warning
16:33:23.0156 1232 audstub - detected UnsignedFile.Multi.Generic (1)
16:33:23.0234 1232 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:33:23.0328 1232 avgntflt - ok
16:33:23.0421 1232 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:33:23.0437 1232 avipbb - ok
16:33:23.0515 1232 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:33:23.0531 1232 avkmgr - ok
16:33:23.0593 1232 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:33:23.0609 1232 Beep ( UnsignedFile.Multi.Generic ) - warning
16:33:23.0609 1232 Beep - detected UnsignedFile.Multi.Generic (1)
16:33:23.0703 1232 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:33:23.0734 1232 cbidf2k ( UnsignedFile.Multi.Generic ) - warning
16:33:23.0734 1232 cbidf2k - detected UnsignedFile.Multi.Generic (1)
16:33:23.0812 1232 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:33:23.0812 1232 CCDECODE ( UnsignedFile.Multi.Generic ) - warning
16:33:23.0812 1232 CCDECODE - detected UnsignedFile.Multi.Generic (1)
16:33:23.0859 1232 cd20xrnt - ok
16:33:23.0937 1232 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:33:23.0953 1232 Cdaudio ( UnsignedFile.Multi.Generic ) - warning
16:33:23.0953 1232 Cdaudio - detected UnsignedFile.Multi.Generic (1)
16:33:24.0046 1232 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:33:24.0046 1232 Cdfs ( UnsignedFile.Multi.Generic ) - warning
16:33:24.0046 1232 Cdfs - detected UnsignedFile.Multi.Generic (1)
16:33:24.0140 1232 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:33:24.0156 1232 Cdrom ( UnsignedFile.Multi.Generic ) - warning
16:33:24.0156 1232 Cdrom - detected UnsignedFile.Multi.Generic (1)
16:33:24.0187 1232 Changer - ok
16:33:24.0250 1232 CmdIde - ok
16:33:24.0296 1232 Cpqarray - ok
16:33:24.0312 1232 dac2w2k - ok
16:33:24.0328 1232 dac960nt - ok
16:33:24.0390 1232 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:33:24.0421 1232 Disk ( UnsignedFile.Multi.Generic ) - warning
16:33:24.0421 1232 Disk - detected UnsignedFile.Multi.Generic (1)
16:33:24.0515 1232 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:33:24.0593 1232 dmboot ( UnsignedFile.Multi.Generic ) - warning
16:33:24.0593 1232 dmboot - detected UnsignedFile.Multi.Generic (1)
16:33:24.0687 1232 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:33:24.0718 1232 dmio ( UnsignedFile.Multi.Generic ) - warning
16:33:24.0718 1232 dmio - detected UnsignedFile.Multi.Generic (1)
16:33:24.0765 1232 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:33:24.0781 1232 dmload ( UnsignedFile.Multi.Generic ) - warning
16:33:24.0781 1232 dmload - detected UnsignedFile.Multi.Generic (1)
16:33:24.0875 1232 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:33:24.0890 1232 DMusic ( UnsignedFile.Multi.Generic ) - warning
16:33:24.0890 1232 DMusic - detected UnsignedFile.Multi.Generic (1)
16:33:24.0953 1232 dpti2o - ok
16:33:25.0000 1232 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:33:25.0015 1232 drmkaud ( UnsignedFile.Multi.Generic ) - warning
16:33:25.0015 1232 drmkaud - detected UnsignedFile.Multi.Generic (1)
16:33:25.0093 1232 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:33:25.0109 1232 E100B ( UnsignedFile.Multi.Generic ) - warning
16:33:25.0109 1232 E100B - detected UnsignedFile.Multi.Generic (1)
16:33:25.0234 1232 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:33:25.0250 1232 Fastfat ( UnsignedFile.Multi.Generic ) - warning
16:33:25.0250 1232 Fastfat - detected UnsignedFile.Multi.Generic (1)
16:33:25.0343 1232 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:33:25.0359 1232 Fdc ( UnsignedFile.Multi.Generic ) - warning
16:33:25.0359 1232 Fdc - detected UnsignedFile.Multi.Generic (1)
16:33:25.0421 1232 FilterService (c9993169e75e75e8f2f450b172ddf814) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
16:33:25.0421 1232 FilterService - ok
16:33:25.0500 1232 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:33:25.0515 1232 Fips ( UnsignedFile.Multi.Generic ) - warning
16:33:25.0515 1232 Fips - detected UnsignedFile.Multi.Generic (1)
16:33:25.0546 1232 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:33:25.0562 1232 Flpydisk ( UnsignedFile.Multi.Generic ) - warning
16:33:25.0562 1232 Flpydisk - detected UnsignedFile.Multi.Generic (1)
16:33:25.0640 1232 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:33:25.0703 1232 FltMgr ( UnsignedFile.Multi.Generic ) - warning
16:33:25.0703 1232 FltMgr - detected UnsignedFile.Multi.Generic (1)
16:33:25.0781 1232 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:33:25.0796 1232 Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
16:33:25.0796 1232 Fs_Rec - detected UnsignedFile.Multi.Generic (1)
16:33:25.0906 1232 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:33:25.0921 1232 Ftdisk ( UnsignedFile.Multi.Generic ) - warning
16:33:25.0921 1232 Ftdisk - detected UnsignedFile.Multi.Generic (1)
16:33:26.0015 1232 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:33:26.0015 1232 GEARAspiWDM - ok
16:33:26.0078 1232 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:33:26.0109 1232 Gpc ( UnsignedFile.Multi.Generic ) - warning
16:33:26.0109 1232 Gpc - detected UnsignedFile.Multi.Generic (1)
16:33:26.0203 1232 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:33:26.0203 1232 hidusb ( UnsignedFile.Multi.Generic ) - warning
16:33:26.0203 1232 hidusb - detected UnsignedFile.Multi.Generic (1)
16:33:26.0250 1232 hpn - ok
16:33:26.0343 1232 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
16:33:26.0359 1232 HTTP ( UnsignedFile.Multi.Generic ) - warning
16:33:26.0359 1232 HTTP - detected UnsignedFile.Multi.Generic (1)
16:33:26.0421 1232 i2omgmt - ok
16:33:26.0453 1232 i2omp - ok
16:33:26.0500 1232 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:33:26.0515 1232 i8042prt ( UnsignedFile.Multi.Generic ) - warning
16:33:26.0515 1232 i8042prt - detected UnsignedFile.Multi.Generic (1)
16:33:26.0625 1232 ialm (16f8de7a7f9023aac04dec6a8a264441) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:33:26.0687 1232 ialm ( UnsignedFile.Multi.Generic ) - warning
16:33:26.0687 1232 ialm - detected UnsignedFile.Multi.Generic (1)
16:33:26.0781 1232 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:33:26.0796 1232 Imapi ( UnsignedFile.Multi.Generic ) - warning
16:33:26.0796 1232 Imapi - detected UnsignedFile.Multi.Generic (1)
16:33:26.0859 1232 ini910u - ok
16:33:26.0937 1232 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:33:26.0953 1232 IntelIde ( UnsignedFile.Multi.Generic ) - warning
16:33:26.0953 1232 IntelIde - detected UnsignedFile.Multi.Generic (1)
16:33:27.0046 1232 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:33:27.0062 1232 intelppm ( UnsignedFile.Multi.Generic ) - warning
16:33:27.0062 1232 intelppm - detected UnsignedFile.Multi.Generic (1)
16:33:27.0156 1232 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:33:27.0171 1232 Ip6Fw ( UnsignedFile.Multi.Generic ) - warning
16:33:27.0171 1232 Ip6Fw - detected UnsignedFile.Multi.Generic (1)
16:33:27.0234 1232 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:33:27.0234 1232 IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
16:33:27.0234 1232 IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
16:33:27.0328 1232 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:33:27.0343 1232 IpInIp ( UnsignedFile.Multi.Generic ) - warning
16:33:27.0343 1232 IpInIp - detected UnsignedFile.Multi.Generic (1)
16:33:27.0437 1232 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:33:27.0453 1232 IpNat ( UnsignedFile.Multi.Generic ) - warning
16:33:27.0453 1232 IpNat - detected UnsignedFile.Multi.Generic (1)
16:33:27.0546 1232 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:33:27.0546 1232 IPSec ( UnsignedFile.Multi.Generic ) - warning
16:33:27.0546 1232 IPSec - detected UnsignedFile.Multi.Generic (1)
16:33:27.0593 1232 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:33:27.0609 1232 IRENUM ( UnsignedFile.Multi.Generic ) - warning
16:33:27.0609 1232 IRENUM - detected UnsignedFile.Multi.Generic (1)
16:33:27.0718 1232 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:33:27.0718 1232 isapnp ( UnsignedFile.Multi.Generic ) - warning
16:33:27.0718 1232 isapnp - detected UnsignedFile.Multi.Generic (1)
16:33:27.0796 1232 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:33:27.0812 1232 Kbdclass ( UnsignedFile.Multi.Generic ) - warning
16:33:27.0812 1232 Kbdclass - detected UnsignedFile.Multi.Generic (1)
16:33:27.0875 1232 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:33:27.0890 1232 kmixer ( UnsignedFile.Multi.Generic ) - warning
16:33:27.0890 1232 kmixer - detected UnsignedFile.Multi.Generic (1)
16:33:27.0984 1232 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:33:28.0000 1232 KSecDD ( UnsignedFile.Multi.Generic ) - warning
16:33:28.0000 1232 KSecDD - detected UnsignedFile.Multi.Generic (1)
16:33:28.0062 1232 lbrtfdc - ok
16:33:28.0156 1232 LVPr2Mon (9af4d60b777832834e6fe424ede60fcd) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
16:33:28.0156 1232 LVPr2Mon - ok
16:33:28.0265 1232 LVRS (c0bb2a314dbf04cfde45868ddeee204d) C:\WINDOWS\system32\DRIVERS\lvrs.sys
16:33:28.0328 1232 LVRS - ok
16:33:28.0421 1232 LVUSBSta (c77adb4c1c0767e2e7b2c54375cd7a09) C:\WINDOWS\system32\drivers\LVUSBSta.sys
16:33:28.0421 1232 LVUSBSta - ok
16:33:28.0609 1232 LVUVC (cb971e3cba88339e43625f16d1cb9f1b) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
16:33:28.0859 1232 LVUVC - ok
16:33:28.0968 1232 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:33:28.0984 1232 mnmdd ( UnsignedFile.Multi.Generic ) - warning
16:33:28.0984 1232 mnmdd - detected UnsignedFile.Multi.Generic (1)
16:33:29.0062 1232 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:33:29.0062 1232 Modem ( UnsignedFile.Multi.Generic ) - warning
16:33:29.0062 1232 Modem - detected UnsignedFile.Multi.Generic (1)
16:33:29.0125 1232 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:33:29.0140 1232 Mouclass ( UnsignedFile.Multi.Generic ) - warning
16:33:29.0140 1232 Mouclass - detected UnsignedFile.Multi.Generic (1)
16:33:29.0234 1232 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:33:29.0234 1232 mouhid ( UnsignedFile.Multi.Generic ) - warning
16:33:29.0234 1232 mouhid - detected UnsignedFile.Multi.Generic (1)
16:33:29.0312 1232 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:33:29.0343 1232 MountMgr ( UnsignedFile.Multi.Generic ) - warning
16:33:29.0343 1232 MountMgr - detected UnsignedFile.Multi.Generic (1)
16:33:29.0359 1232 mraid35x - ok
16:33:29.0437 1232 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:33:29.0453 1232 MRxDAV ( UnsignedFile.Multi.Generic ) - warning
16:33:29.0453 1232 MRxDAV - detected UnsignedFile.Multi.Generic (1)
16:33:29.0546 1232 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:33:29.0625 1232 MRxSmb ( UnsignedFile.Multi.Generic ) - warning
16:33:29.0625 1232 MRxSmb - detected UnsignedFile.Multi.Generic (1)
16:33:29.0718 1232 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:33:29.0734 1232 Msfs ( UnsignedFile.Multi.Generic ) - warning
16:33:29.0734 1232 Msfs - detected UnsignedFile.Multi.Generic (1)
16:33:29.0828 1232 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:33:29.0859 1232 MSKSSRV ( UnsignedFile.Multi.Generic ) - warning
16:33:29.0859 1232 MSKSSRV - detected UnsignedFile.Multi.Generic (1)
16:33:29.0953 1232 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:33:29.0953 1232 MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning
16:33:29.0953 1232 MSPCLOCK - detected UnsignedFile.Multi.Generic (1)
16:33:30.0046 1232 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:33:30.0062 1232 MSPQM ( UnsignedFile.Multi.Generic ) - warning
16:33:30.0062 1232 MSPQM - detected UnsignedFile.Multi.Generic (1)
16:33:30.0187 1232 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:33:30.0203 1232 mssmbios ( UnsignedFile.Multi.Generic ) - warning
16:33:30.0203 1232 mssmbios - detected UnsignedFile.Multi.Generic (1)
16:33:30.0296 1232 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:33:30.0328 1232 MSTEE ( UnsignedFile.Multi.Generic ) - warning
16:33:30.0328 1232 MSTEE - detected UnsignedFile.Multi.Generic (1)
16:33:30.0406 1232 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
16:33:30.0406 1232 Mup ( UnsignedFile.Multi.Generic ) - warning
16:33:30.0406 1232 Mup - detected UnsignedFile.Multi.Generic (1)
16:33:30.0515 1232 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:33:30.0531 1232 NABTSFEC ( UnsignedFile.Multi.Generic ) - warning
16:33:30.0531 1232 NABTSFEC - detected UnsignedFile.Multi.Generic (1)
16:33:30.0640 1232 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:33:30.0671 1232 NDIS ( UnsignedFile.Multi.Generic ) - warning
16:33:30.0671 1232 NDIS - detected UnsignedFile.Multi.Generic (1)
16:33:30.0750 1232 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:33:30.0781 1232 NdisIP ( UnsignedFile.Multi.Generic ) - warning
16:33:30.0781 1232 NdisIP - detected UnsignedFile.Multi.Generic (1)
16:33:30.0828 1232 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:33:30.0843 1232 NdisTapi ( UnsignedFile.Multi.Generic ) - warning
16:33:30.0843 1232 NdisTapi - detected UnsignedFile.Multi.Generic (1)
16:33:30.0890 1232 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:33:30.0906 1232 Ndisuio ( UnsignedFile.Multi.Generic ) - warning
16:33:30.0906 1232 Ndisuio - detected UnsignedFile.Multi.Generic (1)
16:33:30.0968 1232 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:33:30.0984 1232 NdisWan ( UnsignedFile.Multi.Generic ) - warning
16:33:30.0984 1232 NdisWan - detected UnsignedFile.Multi.Generic (1)
16:33:31.0046 1232 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
16:33:31.0062 1232 NDProxy ( UnsignedFile.Multi.Generic ) - warning
16:33:31.0062 1232 NDProxy - detected UnsignedFile.Multi.Generic (1)
16:33:31.0125 1232 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:33:31.0140 1232 NetBIOS ( UnsignedFile.Multi.Generic ) - warning
16:33:31.0140 1232 NetBIOS - detected UnsignedFile.Multi.Generic (1)
16:33:31.0218 1232 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:33:31.0234 1232 NetBT ( UnsignedFile.Multi.Generic ) - warning
16:33:31.0234 1232 NetBT - detected UnsignedFile.Multi.Generic (1)
16:33:31.0343 1232 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
16:33:31.0359 1232 nmwcd ( UnsignedFile.Multi.Generic ) - warning
16:33:31.0359 1232 nmwcd - detected UnsignedFile.Multi.Generic (1)
16:33:31.0406 1232 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
16:33:31.0421 1232 nmwcdc ( UnsignedFile.Multi.Generic ) - warning
16:33:31.0421 1232 nmwcdc - detected UnsignedFile.Multi.Generic (1)
16:33:31.0515 1232 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:33:31.0546 1232 Npfs ( UnsignedFile.Multi.Generic ) - warning
16:33:31.0546 1232 Npfs - detected UnsignedFile.Multi.Generic (1)
16:33:31.0609 1232 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:33:31.0687 1232 Ntfs ( UnsignedFile.Multi.Generic ) - warning
16:33:31.0687 1232 Ntfs - detected UnsignedFile.Multi.Generic (1)
16:33:31.0781 1232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:33:31.0812 1232 Null ( UnsignedFile.Multi.Generic ) - warning
16:33:31.0812 1232 Null - detected UnsignedFile.Multi.Generic (1)
16:33:31.0890 1232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:33:31.0921 1232 NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning
16:33:31.0921 1232 NwlnkFlt - detected UnsignedFile.Multi.Generic (1)
16:33:32.0015 1232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:33:32.0031 1232 NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning
16:33:32.0031 1232 NwlnkFwd - detected UnsignedFile.Multi.Generic (1)
16:33:32.0125 1232 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
16:33:32.0140 1232 Parport ( UnsignedFile.Multi.Generic ) - warning
16:33:32.0140 1232 Parport - detected UnsignedFile.Multi.Generic (1)
16:33:32.0234 1232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:33:32.0250 1232 PartMgr ( UnsignedFile.Multi.Generic ) - warning
16:33:32.0250 1232 PartMgr - detected UnsignedFile.Multi.Generic (1)
16:33:32.0343 1232 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:33:32.0359 1232 ParVdm ( UnsignedFile.Multi.Generic ) - warning
16:33:32.0359 1232 ParVdm - detected UnsignedFile.Multi.Generic (1)
16:33:32.0437 1232 pccsmcfd - ok
16:33:32.0500 1232 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:33:32.0515 1232 PCI ( UnsignedFile.Multi.Generic ) - warning
16:33:32.0515 1232 PCI - detected UnsignedFile.Multi.Generic (1)
16:33:32.0609 1232 PCIDump - ok
16:33:32.0671 1232 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
16:33:32.0687 1232 PCIIde ( UnsignedFile.Multi.Generic ) - warning
16:33:32.0687 1232 PCIIde - detected UnsignedFile.Multi.Generic (1)
16:33:32.0781 1232 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:33:32.0796 1232 Pcmcia ( UnsignedFile.Multi.Generic ) - warning
16:33:32.0796 1232 Pcmcia - detected UnsignedFile.Multi.Generic (1)
16:33:32.0843 1232 PDCOMP - ok
16:33:32.0890 1232 PDFRAME - ok
16:33:32.0906 1232 PDRELI - ok
16:33:32.0921 1232 PDRFRAME - ok
16:33:32.0937 1232 perc2 - ok
16:33:32.0953 1232 perc2hib - ok
16:33:33.0031 1232 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:33:33.0046 1232 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
16:33:33.0046 1232 PptpMiniport - detected UnsignedFile.Multi.Generic (1)
16:33:33.0156 1232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:33:33.0171 1232 PSched ( UnsignedFile.Multi.Generic ) - warning
16:33:33.0171 1232 PSched - detected UnsignedFile.Multi.Generic (1)
16:33:33.0265 1232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:33:33.0265 1232 Ptilink ( UnsignedFile.Multi.Generic ) - warning
16:33:33.0265 1232 Ptilink - detected UnsignedFile.Multi.Generic (1)
16:33:33.0312 1232 ql1080 - ok
16:33:33.0375 1232 Ql10wnt - ok
16:33:33.0390 1232 ql12160 - ok
16:33:33.0406 1232 ql1240 - ok
16:33:33.0421 1232 ql1280 - ok
16:33:33.0468 1232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:33:33.0500 1232 RasAcd ( UnsignedFile.Multi.Generic ) - warning
16:33:33.0500 1232 RasAcd - detected UnsignedFile.Multi.Generic (1)
16:33:33.0593 1232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:33:33.0609 1232 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
16:33:33.0609 1232 Rasl2tp - detected UnsignedFile.Multi.Generic (1)
16:33:33.0703 1232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:33:33.0718 1232 RasPppoe ( UnsignedFile.Multi.Generic ) - warning
16:33:33.0718 1232 RasPppoe - detected UnsignedFile.Multi.Generic (1)
16:33:33.0812 1232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:33:33.0828 1232 Raspti ( UnsignedFile.Multi.Generic ) - warning
16:33:33.0828 1232 Raspti - detected UnsignedFile.Multi.Generic (1)
16:33:33.0890 1232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:33:33.0906 1232 Rdbss ( UnsignedFile.Multi.Generic ) - warning
16:33:33.0906 1232 Rdbss - detected UnsignedFile.Multi.Generic (1)
16:33:34.0000 1232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:33:34.0000 1232 RDPCDD ( UnsignedFile.Multi.Generic ) - warning
16:33:34.0000 1232 RDPCDD - detected UnsignedFile.Multi.Generic (1)
16:33:34.0078 1232 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:33:34.0093 1232 rdpdr ( UnsignedFile.Multi.Generic ) - warning
16:33:34.0093 1232 rdpdr - detected UnsignedFile.Multi.Generic (1)
16:33:34.0156 1232 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
16:33:34.0171 1232 RDPWD ( UnsignedFile.Multi.Generic ) - warning
16:33:34.0171 1232 RDPWD - detected UnsignedFile.Multi.Generic (1)
16:33:34.0234 1232 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:33:34.0250 1232 redbook ( UnsignedFile.Multi.Generic ) - warning
16:33:34.0250 1232 redbook - detected UnsignedFile.Multi.Generic (1)
16:33:34.0375 1232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:33:34.0390 1232 Secdrv ( UnsignedFile.Multi.Generic ) - warning
16:33:34.0390 1232 Secdrv - detected UnsignedFile.Multi.Generic (1)
16:33:34.0453 1232 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:33:34.0468 1232 serenum ( UnsignedFile.Multi.Generic ) - warning
16:33:34.0468 1232 serenum - detected UnsignedFile.Multi.Generic (1)
16:33:34.0531 1232 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
16:33:34.0546 1232 Serial ( UnsignedFile.Multi.Generic ) - warning
16:33:34.0546 1232 Serial - detected UnsignedFile.Multi.Generic (1)
16:33:34.0640 1232 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
16:33:34.0640 1232 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
16:33:34.0656 1232 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
16:33:34.0703 1232 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
16:33:34.0718 1232 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
16:33:34.0718 1232 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
16:33:34.0828 1232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:33:34.0843 1232 Sfloppy ( UnsignedFile.Multi.Generic ) - warning
16:33:34.0843 1232 Sfloppy - detected UnsignedFile.Multi.Generic (1)
16:33:34.0953 1232 sfsync03 (344b5af83cca5377752b8855d4324e69) C:\WINDOWS\system32\drivers\sfsync03.sys
16:33:34.0968 1232 sfsync03 ( UnsignedFile.Multi.Generic ) - warning
16:33:34.0968 1232 sfsync03 - detected UnsignedFile.Multi.Generic (1)
16:33:35.0046 1232 Simbad - ok
16:33:35.0093 1232 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:33:35.0125 1232 SLIP ( UnsignedFile.Multi.Generic ) - warning
16:33:35.0125 1232 SLIP - detected UnsignedFile.Multi.Generic (1)
16:33:35.0218 1232 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
16:33:35.0359 1232 smwdm ( UnsignedFile.Multi.Generic ) - warning
16:33:35.0359 1232 smwdm - detected UnsignedFile.Multi.Generic (1)
16:33:37.0093 1232 SNPSTD3 (de2dc31ed0b921c223691462059f7183) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
16:33:39.0234 1232 SNPSTD3 ( UnsignedFile.Multi.Generic ) - warning
16:33:39.0234 1232 SNPSTD3 - detected UnsignedFile.Multi.Generic (1)
16:33:39.0281 1232 Sparrow - ok
16:33:39.0343 1232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:33:39.0359 1232 splitter ( UnsignedFile.Multi.Generic ) - warning
16:33:39.0359 1232 splitter - detected UnsignedFile.Multi.Generic (1)
16:33:39.0500 1232 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
16:33:39.0500 1232 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
16:33:39.0500 1232 sptd ( LockedFile.Multi.Generic ) - warning
16:33:39.0500 1232 sptd - detected LockedFile.Multi.Generic (1)
16:33:39.0546 1232 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:33:39.0578 1232 sr ( UnsignedFile.Multi.Generic ) - warning
16:33:39.0578 1232 sr - detected UnsignedFile.Multi.Generic (1)
16:33:39.0656 1232 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
16:33:39.0687 1232 Srv ( UnsignedFile.Multi.Generic ) - warning
16:33:39.0687 1232 Srv - detected UnsignedFile.Multi.Generic (1)
16:33:39.0781 1232 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:33:39.0781 1232 ssmdrv - ok
16:33:39.0906 1232 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:33:39.0921 1232 streamip ( UnsignedFile.Multi.Generic ) - warning
16:33:39.0921 1232 streamip - detected UnsignedFile.Multi.Generic (1)
16:33:39.0984 1232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:33:39.0984 1232 swenum ( UnsignedFile.Multi.Generic ) - warning
16:33:39.0984 1232 swenum - detected UnsignedFile.Multi.Generic (1)
16:33:40.0078 1232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:33:40.0093 1232 swmidi ( UnsignedFile.Multi.Generic ) - warning
16:33:40.0093 1232 swmidi - detected UnsignedFile.Multi.Generic (1)
16:33:40.0125 1232 symc810 - ok
16:33:40.0171 1232 symc8xx - ok
16:33:40.0203 1232 sym_hi - ok
16:33:40.0265 1232 sym_u3 - ok
16:33:40.0296 1232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:33:40.0312 1232 sysaudio ( UnsignedFile.Multi.Generic ) - warning
16:33:40.0312 1232 sysaudio - detected UnsignedFile.Multi.Generic (1)
16:33:40.0421 1232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:33:40.0500 1232 Tcpip ( UnsignedFile.Multi.Generic ) - warning
16:33:40.0500 1232 Tcpip - detected UnsignedFile.Multi.Generic (1)
16:33:40.0609 1232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:33:40.0640 1232 TDPIPE ( UnsignedFile.Multi.Generic ) - warning
16:33:40.0640 1232 TDPIPE - detected UnsignedFile.Multi.Generic (1)
16:33:40.0671 1232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:33:40.0671 1232 TDTCP ( UnsignedFile.Multi.Generic ) - warning
16:33:40.0671 1232 TDTCP - detected UnsignedFile.Multi.Generic (1)
16:33:40.0765 1232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:33:40.0796 1232 TermDD ( UnsignedFile.Multi.Generic ) - warning
16:33:40.0796 1232 TermDD - detected UnsignedFile.Multi.Generic (1)
16:33:40.0843 1232 TosIde - ok
16:33:40.0937 1232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:33:40.0953 1232 Udfs ( UnsignedFile.Multi.Generic ) - warning
16:33:40.0953 1232 Udfs - detected UnsignedFile.Multi.Generic (1)
16:33:40.0968 1232 ultra - ok
16:33:41.0062 1232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:33:41.0125 1232 Update ( UnsignedFile.Multi.Generic ) - warning
16:33:41.0125 1232 Update - detected UnsignedFile.Multi.Generic (1)
16:33:41.0203 1232 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
16:33:41.0218 1232 upperdev ( UnsignedFile.Multi.Generic ) - warning
16:33:41.0218 1232 upperdev - detected UnsignedFile.Multi.Generic (1)
16:33:41.0296 1232 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:33:41.0328 1232 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
16:33:41.0328 1232 USBAAPL - detected UnsignedFile.Multi.Generic (1)
16:33:41.0406 1232 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:33:41.0421 1232 usbaudio ( UnsignedFile.Multi.Generic ) - warning
16:33:41.0421 1232 usbaudio - detected UnsignedFile.Multi.Generic (1)
16:33:41.0500 1232 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:33:41.0515 1232 usbccgp ( UnsignedFile.Multi.Generic ) - warning
16:33:41.0515 1232 usbccgp - detected UnsignedFile.Multi.Generic (1)
16:33:41.0609 1232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:33:41.0625 1232 usbehci ( UnsignedFile.Multi.Generic ) - warning
16:33:41.0625 1232 usbehci - detected UnsignedFile.Multi.Generic (1)
16:33:41.0703 1232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:33:41.0718 1232 usbhub ( UnsignedFile.Multi.Generic ) - warning
16:33:41.0718 1232 usbhub - detected UnsignedFile.Multi.Generic (1)
16:33:41.0796 1232 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:33:41.0828 1232 usbscan ( UnsignedFile.Multi.Generic ) - warning
16:33:41.0828 1232 usbscan - detected UnsignedFile.Multi.Generic (1)
16:33:41.0921 1232 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
16:33:41.0937 1232 usbser ( UnsignedFile.Multi.Generic ) - warning
16:33:41.0937 1232 usbser - detected UnsignedFile.Multi.Generic (1)
16:33:42.0015 1232 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
16:33:42.0031 1232 UsbserFilt ( UnsignedFile.Multi.Generic ) - warning
16:33:42.0031 1232 UsbserFilt - detected UnsignedFile.Multi.Generic (1)
16:33:42.0140 1232 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:33:42.0156 1232 USBSTOR ( UnsignedFile.Multi.Generic ) - warning
16:33:42.0156 1232 USBSTOR - detected UnsignedFile.Multi.Generic (1)
16:33:42.0250 1232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:33:42.0265 1232 usbuhci ( UnsignedFile.Multi.Generic ) - warning
16:33:42.0265 1232 usbuhci - detected UnsignedFile.Multi.Generic (1)
16:33:42.0359 1232 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:33:42.0406 1232 usbvideo ( UnsignedFile.Multi.Generic ) - warning
16:33:42.0406 1232 usbvideo - detected UnsignedFile.Multi.Generic (1)
16:33:42.0515 1232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:33:42.0531 1232 VgaSave ( UnsignedFile.Multi.Generic ) - warning
16:33:42.0531 1232 VgaSave - detected UnsignedFile.Multi.Generic (1)
16:33:42.0593 1232 ViaIde - ok
16:33:42.0656 1232 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:33:42.0671 1232 VolSnap ( UnsignedFile.Multi.Generic ) - warning
16:33:42.0671 1232 VolSnap - detected UnsignedFile.Multi.Generic (1)
16:33:42.0781 1232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:33:42.0781 1232 Wanarp ( UnsignedFile.Multi.Generic ) - warning
16:33:42.0781 1232 Wanarp - detected UnsignedFile.Multi.Generic (1)
16:33:42.0890 1232 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:33:42.0937 1232 Wdf01000 - ok
16:33:43.0031 1232 WDICA - ok
16:33:43.0093 1232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:33:43.0109 1232 wdmaud ( UnsignedFile.Multi.Generic ) - warning
16:33:43.0109 1232 wdmaud - detected UnsignedFile.Multi.Generic (1)
16:33:43.0234 1232 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:33:43.0265 1232 WpdUsb ( UnsignedFile.Multi.Generic ) - warning
16:33:43.0265 1232 WpdUsb - detected UnsignedFile.Multi.Generic (1)
16:33:43.0375 1232 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:33:43.0406 1232 WSTCODEC ( UnsignedFile.Multi.Generic ) - warning
16:33:43.0406 1232 WSTCODEC - detected UnsignedFile.Multi.Generic (1)
16:33:43.0468 1232 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:33:43.0484 1232 WudfPf ( UnsignedFile.Multi.Generic ) - warning
16:33:43.0484 1232 WudfPf - detected UnsignedFile.Multi.Generic (1)
16:33:43.0562 1232 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:33:43.0578 1232 WudfRd ( UnsignedFile.Multi.Generic ) - warning
16:33:43.0578 1232 WudfRd - detected UnsignedFile.Multi.Generic (1)
16:33:43.0640 1232 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
16:33:43.0890 1232 \Device\Harddisk0\DR0 - ok
16:33:43.0921 1232 Boot (0x1200) (b4acdcb8fb3fa8fa9756c11a20aff5e7) \Device\Harddisk0\DR0\Partition0
16:33:43.0921 1232 \Device\Harddisk0\DR0\Partition0 - ok
16:33:43.0921 1232 ============================================================
16:33:43.0921 1232 Scan finished
16:33:43.0921 1232 ============================================================
16:33:44.0046 1200 Detected object count: 139
16:33:44.0046 1200 Actual detected object count: 139
16:34:04.0421 1200 ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 aec ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 aec ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 AFD ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 atapi ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 audstub ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 Beep ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 CCDECODE ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 CCDECODE ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0437 1200 Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0437 1200 Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0453 1200 Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0453 1200 Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0453 1200 Disk ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0453 1200 Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0453 1200 dmboot ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0453 1200 dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0453 1200 dmio ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0453 1200 dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0453 1200 dmload ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0453 1200 dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0453 1200 DMusic ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0453 1200 DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0453 1200 drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0453 1200 drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0453 1200 E100B ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0453 1200 E100B ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0453 1200 Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0453 1200 Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0453 1200 Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0453 1200 Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0468 1200 Fips ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0468 1200 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0468 1200 Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0468 1200 Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0468 1200 FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0468 1200 FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0468 1200 Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0468 1200 Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0468 1200 Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0468 1200 Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0468 1200 Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0468 1200 Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0468 1200 hidusb ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0468 1200 hidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0468 1200 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0468 1200 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0468 1200 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0468 1200 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0468 1200 ialm ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0468 1200 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0468 1200 Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0468 1200 Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 IntelIde ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 IntelIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 intelppm ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 intelppm ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 Modem ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0484 1200 Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0484 1200 Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0500 1200 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0500 1200 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0500 1200 MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0500 1200 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0500 1200 MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0500 1200 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0500 1200 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0500 1200 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0500 1200 Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0500 1200 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0500 1200 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0500 1200 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0500 1200 MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0500 1200 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0500 1200 MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0500 1200 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0500 1200 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0500 1200 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0500 1200 MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0500 1200 MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0515 1200 Mup ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0515 1200 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0515 1200 NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0515 1200 NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0515 1200 NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0515 1200 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0515 1200 NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0515 1200 NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0515 1200 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0515 1200 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0515 1200 Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0515 1200 Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0515 1200 NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0515 1200 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0515 1200 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0515 1200 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0515 1200 NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0515 1200 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0515 1200 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0515 1200 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 nmwcd ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 nmwcd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 nmwcdc ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 nmwcdc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 Null ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 Null ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 Parport ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 PCI ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0531 1200 PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0531 1200 PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0546 1200 Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0546 1200 Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0546 1200 PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0546 1200 PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0546 1200 PSched ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0546 1200 PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0546 1200 Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0546 1200 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0546 1200 RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0546 1200 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0546 1200 Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0546 1200 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0546 1200 RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0546 1200 RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0546 1200 Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0546 1200 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0546 1200 Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0546 1200 Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0546 1200 RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0546 1200 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0562 1200 rdpdr ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0562 1200 rdpdr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0562 1200 RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0562 1200 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0562 1200 redbook ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0562 1200 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0562 1200 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0562 1200 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0562 1200 serenum ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0562 1200 serenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0562 1200 Serial ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0562 1200 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0562 1200 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0562 1200 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0562 1200 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0562 1200 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0562 1200 Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0562 1200 Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0562 1200 sfsync03 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0562 1200 sfsync03 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0578 1200 SLIP ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0578 1200 SLIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0578 1200 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0578 1200 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0578 1200 SNPSTD3 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0578 1200 SNPSTD3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0578 1200 splitter ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0578 1200 splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0578 1200 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:34:04.0578 1200 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:34:04.0578 1200 sr ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0578 1200 sr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0578 1200 Srv ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0578 1200 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0578 1200 streamip ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0578 1200 streamip ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0578 1200 swenum ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0578 1200 swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0578 1200 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0578 1200 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0593 1200 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0593 1200 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0593 1200 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0593 1200 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0593 1200 TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0593 1200 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0593 1200 TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0593 1200 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0593 1200 TermDD ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0593 1200 TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0593 1200 Udfs ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0593 1200 Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0593 1200 Update ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0593 1200 Update ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0593 1200 upperdev ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0593 1200 upperdev ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0593 1200 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0593 1200 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0593 1200 usbaudio ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0593 1200 usbaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0609 1200 usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0609 1200 usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0609 1200 usbehci ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0609 1200 usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0609 1200 usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0609 1200 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0609 1200 usbscan ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0609 1200 usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0609 1200 usbser ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0609 1200 usbser ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0609 1200 UsbserFilt ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0609 1200 UsbserFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0609 1200 USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0609 1200 USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0609 1200 usbuhci ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0609 1200 usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0609 1200 usbvideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0609 1200 usbvideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0609 1200 VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0609 1200 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0625 1200 VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0625 1200 VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0625 1200 Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0625 1200 Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0625 1200 wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0625 1200 wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0625 1200 WpdUsb ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0625 1200 WpdUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0625 1200 WSTCODEC ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0625 1200 WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0625 1200 WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0625 1200 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:04.0625 1200 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:04.0625 1200 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hier das Combo Fix Log:

Combofix Logfile:

Code:

ComboFix 11-10-25.03 - Simon 25.10.2011  16:56:48.1.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1015.689 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Simon\Eigene Dateien\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\Simon\Anwendungsdaten\Help\coredb\storage

c:\dokumente und einstellungen\Simon\WINDOWS

c:\windows\ehome\medctrro.exe

c:\windows\help\tours\htmltour\unlock_playing.htm

c:\windows\IsUn0407.exe

c:\windows\pi.exe

c:\windows\system32\d3d9caps.dat

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-09-25 bis 2011-10-25  ))))))))))))))))))))))))))))))

.

.

2011-10-25 11:40 . 2011-10-25 11:40        --------        d-----w-        C:\_OTL

2011-10-23 13:45 . 2011-10-23 13:45        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Eigene Dateien

2011-10-22 20:25 . 2011-10-22 20:25        --------        d-----w-        c:\programme\ESET

2011-10-20 19:54 . 2011-10-20 19:54        --------        d-----w-        c:\programme\Freeware.de

2011-10-20 19:54 . 2011-10-20 19:54        --------        d-----w-        c:\dokumente und einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Temp

2011-10-20 19:54 . 2011-10-20 19:54        --------        d-----w-        c:\dokumente und einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\Conduit

2011-10-20 19:54 . 2011-10-20 19:54        --------        d-----w-        C:\cannonhill

2011-10-18 21:43 . 2011-10-24 20:16        --------        d-----w-        c:\dokumente und einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\NFS Underground 2

2011-10-18 21:43 . 2011-10-18 21:43        --------        d-----w-        c:\programme\Gemeinsame Dateien\DirectX

2011-10-15 20:33 . 2011-10-15 20:33        --------        d-----w-        c:\dokumente und einstellungen\Simon\Anwendungsdaten\Avira

2011-10-15 20:32 . 2011-10-11 13:00        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-10-15 20:32 . 2011-10-11 13:00        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2011-10-15 20:32 . 2011-10-11 13:00        134344        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-10-15 20:32 . 2011-10-15 20:32        --------        d-----w-        c:\programme\Avira

2011-10-15 20:32 . 2011-10-15 20:32        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira

2011-10-10 09:09 . 2011-10-10 09:09        4550304        ----a-w-        c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2011-10-05 07:33 . 2011-10-05 07:33        --------        d-----r-        c:\dokumente und einstellungen\NetworkService\Favoriten

2011-09-29 18:04 . 2011-09-29 18:10        --------        d-----w-        c:\dokumente und einstellungen\Simon\Anwendungsdaten\DeepBurner

2011-09-29 18:04 . 2011-09-29 18:04        --------        d-----w-        c:\programme\Astonsoft

2011-09-29 17:23 . 2011-09-29 17:23        --------        d-----w-        c:\windows\system32\wbem\Repository

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-14 03:22 . 2011-05-17 18:00        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 06:35 . 2011-06-04 17:54        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

2006-05-03 09:06        163328        --sh--r-        c:\windows\system32\flvDX.dll

2007-02-21 10:47        31232        -csh--r-        c:\windows\system32\msfDX.dll

2008-03-16 12:30        216064        -csh--r-        c:\windows\system32\nbDX.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

.

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

.

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

.

[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys

[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2004-08-04 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

.

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

.

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

.

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

.

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

.

[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll

[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

[-] 2004-08-04 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

.

[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe

[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2004-08-04 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

.

[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll

[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2004-08-04 . CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll

.

[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll

[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll

[-] 2004-08-04 12:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll

.

[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll

[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll

[-] 2004-08-04 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

.

[-] 2009-02-09 . D3D765E8455A961AE567B408F767D4F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll

[-] 2004-08-04 . 9F28FF58D6D67B123272869D89D14004 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

.

[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[-] 2009-02-09 . F0A7D59AF279326528715B206669B86C . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

[-] 2004-08-04 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

.

[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe

[-] 2004-08-04 . 54E7113A4BD696E430919BCAF5C65E06 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

.

[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2004-08-04 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

.

[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll

[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2004-08-04 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2004-08-04 . 9D0F57B9C65BF8A07DB655A9ED6EB2EE . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

.

[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll

[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

[-] 2004-08-04 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

.

[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:23 . ADA7241C16F3F42C7F210539FAD5F3AA . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll

[-] 2004-08-04 12:00 . 4E1A8645EE77CB9454FFE53C59620A25 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll

.

[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll

[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2004-08-04 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

.

[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-03-21 . 3EB703BFC2ED26A3D8ACB8626AB2C006 . 1065472 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2004-08-04 . E6CD85D0D37416CF138F01F4BB0FC872 . 1057280 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

.

[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll

[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2004-08-04 . 3898FFF548E2968CB3AC5A71D7F4E425 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

.

[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll

[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

[-] 2004-08-04 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

.

[-] 2009-05-13 . CF58DCA3ED911C4C942B941D4ECF6862 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll

[-] 2009-05-13 . CF58DCA3ED911C4C942B941D4ECF6862 . 5936128 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3QFE\mshtml.dll

[-] 2009-05-13 . C671F2C4655B3EB04A07CF04C961DD2D . 5936128 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3GDR\mshtml.dll

[-] 2009-05-13 . C671F2C4655B3EB04A07CF04C961DD2D . 5936128 . . [8.00.6001.18783] . . c:\windows\system32\mshtml.dll

[-] 2009-05-13 . C671F2C4655B3EB04A07CF04C961DD2D . 5936128 . . [8.00.6001.18783] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll

[-] 2008-04-14 . 72AE55A9FFBC60650339CB12E35C7DD5 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll

[-] 2008-04-14 . 72AE55A9FFBC60650339CB12E35C7DD5 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll

[-] 2004-08-04 . CAC51AD576713E5F0CE2251ED3A7FE82 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

.

[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll

[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

[-] 2004-08-04 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2004-08-04 . 365B3C43810E1CF41B3BE1E7180F583B . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

.

[-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2004-08-04 . B36E08F680BAE4DFC5C24D00A2DFC9E7 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

.

[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll

[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

[-] 2004-08-04 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

.

[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll

[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[-] 2004-08-04 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

.

[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll

[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2004-08-04 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

.

[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll

[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2004-08-04 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

.

[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe

[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

[-] 2004-08-04 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

.

[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll

[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

[-] 2004-08-04 . 4584E2A5FE662AB3E7C32936E1449043 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

.

[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll

[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2004-08-04 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

.

[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe

[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2004-08-04 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

.

[-] 2009-05-13 . 13521D5B5A6F1A47459909D32409A369 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll

[-] 2009-05-13 . 13521D5B5A6F1A47459909D32409A369 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3QFE\wininet.dll

[-] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3GDR\wininet.dll

[-] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\system32\wininet.dll

[-] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\system32\dllcache\wininet.dll

[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll

[-] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll

[-] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll

[-] 2004-08-04 . B1A1DA99C4A6EBFD59F86A453BF02F39 . 662016 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll

.

[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll

[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2004-08-04 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

.

[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll

[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

[-] 2004-08-04 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

.

[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2004-08-04 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

.

[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe

[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe

[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe

[-] 2004-08-04 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe

.

[-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll

[-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll

[-] 2004-08-04 . D700449AD3045E81680C25A79620A171 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll

.

[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll

[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll

[-] 2004-08-04 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll

.

[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll

[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll

[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll

[-] 2002-12-11 23:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\Driver Cache\i386\ksuser.dll

[-] 2002-12-11 23:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll

.

[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2004-08-04 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

.

[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-04 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

.

[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2004-08-04 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

.

[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll

[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

[-] 2004-08-04 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

.

[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll

[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2004-08-04 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

.

[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll

[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll

[-] 2004-08-04 . BAC5F7F0C2B8C1B9832594851E0F9914 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

.

[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

[-] 2004-08-04 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

.

[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll

[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

[-] 2004-08-04 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

.

[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll

[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2004-08-04 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

.

[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll

[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[-] 2004-08-04 . 1850BC10DE5DCCCEDE063FC2D0F2CEDA . 297472 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

.

[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll

[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll

[-] 2004-08-04 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll

.

[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll

[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2004-08-04 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

.

[-] 2004-08-04 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys

[-] 2004-08-04 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

.

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys

.

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

.

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

.

[-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll

[-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll

[-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2004-08-04 12:00 . 31DD27AB47F62D383505F35CA972748B . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

.

[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll

[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2004-08-04 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

.

[-] 2008-04-14 02:22 . 6E18978B749F0696A774DE3F2CB142DD . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2004-08-04 12:00 . D68CC4EBF7B03FD770D5962295AD814E . 52736 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll

.

[-] 2009-08-04 . C50ED62BB5CDC5AD4F3985ED39C6AE87 . 2068480 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe

[-] 2009-08-04 . 602A85B23E5D9E6402D7205AFBE6FEB4 . 2068352 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2009-08-04 . 602A85B23E5D9E6402D7205AFBE6FEB4 . 2068352 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe

[-] 2009-08-04 . 602A85B23E5D9E6402D7205AFBE6FEB4 . 2068352 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2009-02-10 . 321917CFF934663C48C1E91A930E5D71 . 2068352 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe

[-] 2009-02-09 . 1F9DA92672B8B5720C5FB1E87D8F249F . 2068480 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-04-14 . E51980EF65CED4490A7395A06C08DA34 . 2068224 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-04-14 . E51980EF65CED4490A7395A06C08DA34 . 2068224 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[-] 2004-08-04 . CE41FC4C06499A389D39B301879535FB . 2059136 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

.

[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll

[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2004-08-04 12:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

.

[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll

[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2004-08-04 . 09D4A2D7C5A8ABEC227D118765FAADDF . 185856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll

.

[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll

[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

[-] 2004-08-04 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

[-] 2004-07-09 03:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll

[-] 2004-07-09 03:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\dsound.dll

.

[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll

[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

[-] 2004-08-04 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

.

[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll

[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

[-] 2004-08-04 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

[-] 2004-07-09 03:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll

[-] 2004-07-09 03:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\dllcache\ddraw.dll

.

[-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll

[-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

[-] 2004-08-04 12:00 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

.

[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll

[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll

[-] 2004-08-04 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

.

[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll

[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[-] 2004-08-04 . 4EF2FDC0A085C8339ED4D9C59CE8FC60 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

.

[-] 2009-08-04 . 121AEDCE2F5A65D63C9D51B9198FA7B3 . 2191488 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2009-08-04 . 121AEDCE2F5A65D63C9D51B9198FA7B3 . 2191488 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-08-04 . 121AEDCE2F5A65D63C9D51B9198FA7B3 . 2191488 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2009-08-04 . 4B86421F2D85D9A4ECB06885C40B8EEB . 2191616 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[-] 2009-02-10 . D3453310FC92736E674FFDC6E3F455B7 . 2191488 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2009-02-09 . FEE1600B76B196D9993CD468DA7524F7 . 2191360 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe

[-] 2008-04-14 . 354C9291513BCE4D0ED6B0C6A15470F8 . 2191360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-04-14 . 354C9291513BCE4D0ED6B0C6A15470F8 . 2191360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2004-08-04 . DC888C9C4CA0EEA7A3CB7E6B610F75C7 . 2183296 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

.

[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2004-08-04 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

.

[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll

[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

[-] 2004-08-04 . C6D874CD2A5B83CD11CDEBD28A638584 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll

.

[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll

[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

[-] 2004-08-04 . 7E751068ADA60FC77638622E86A7CD9E . 333824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll

.

[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll

[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

[-] 2004-08-04 . 32641AE4D340C1AC2D9B3A3BD71F5C47 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll

.

[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll

[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

[-] 2004-08-04 . 84028E2EBE7A25494766673A5FF4B304 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-08-21 114688]

"snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-10 344064]

"LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2008-09-22 564496]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-01 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-01 118784]

"DAEMON Tools"="c:\programme\DAEMON Tools\daemon.exe" [2006-09-14 157592]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Programme\\iTunes\\iTunes.exe"=

"c:\\Programme\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=

"c:\\Programme\\ICQ7.5\\ICQ.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Dokumente und Einstellungen\\Simon\\Eigene Dateien\\Star Trek Klingon Academy\\ka.exe"=

"c:\\Dokumente und Einstellungen\\Simon\\Desktop\\Need4speed Underground 2\\speed2.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

.

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [13.10.2005 15:46 35328]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2010 16:52 691696]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15.10.2011 22:32 36000]

R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.10.2011 22:32 86224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper        REG_MULTI_SZ           getPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]

2009-03-08 02:32        128512        ----a-w-        c:\windows\system32\advpack.dll

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

uInternet Connection Wizard,ShellNext = iexplore

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\dokumente und einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\mezz9njm.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-giva.exe - c:\dokumente und einstellungen\Simon\Anwendungsdaten\Ycigy\giva.exe

HKLM-Run-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe

AddRemove-FINAL FANTASY VIII - c:\windows\IsUn0407.exe

AddRemove-Klingon Academy - c:\dokumente und einstellungen\Simon\Eigene Dateien\Star Trek Klingon Academy\Uninst.isu

AddRemove-Star Trek Voyager Elite Force - c:\windows\IsUn0407.exe

AddRemove-Tomb Raider II - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-10-25 17:04

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1454471165-2000478354-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:8e,5b,0e,82,6f,c1,78,aa,82,7c,25,ef,67,a0,b5,65,d0,ce,cb,64,41,94,17,

   78,f4,ad,f1,54,21,72,e6,40,8a,32,ca,13,56,6f,02,78,fa,29,3b,21,5c,a4,d9,c9,\

"??"=hex:fe,be,75,61,98,6c,35,fd,67,56,b5,fd,28,12,c9,34

.

[HKEY_USERS\S-1-5-21-1454471165-2000478354-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:53,87,40,f2,a9,c1,22,1b,ab,ee,1d,71,f1,c5,41,c9,42,26,38,02,d6,

   45,4b,7f,60,de,22,14,ff,9b,c7,d4,87,36,34,8b,b7,5e,53,5b,1e,31,04,14,52,11,\

"rkeysecu"=hex:c1,5f,d8,66,fd,e3,e3,c1,bd,74,fa,57,a6,f2,11,9f

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'explorer.exe'(1296)

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe

c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\programme\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wscntfy.exe

c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe

c:\programme\iPod\bin\iPodService.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-10-25  17:13:31 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-10-25 15:13

.

Vor Suchlauf: 13 Verzeichnis(se), 56.306.176.000 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 56.293.036.032 Bytes frei

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - EF0EA06551F9A897B6A48444F0A232F6

--- --- ---

Edit: Für alles ( bis hierhin und weiter ) danke ich dir , Cosinus/Arne schonmal sehr herzlich !! :dankeschoen::party:

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Hier schonmal das Log von GMER:

GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2011-10-26 15:55:04

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-19JHC0 rev.05.01C05

Running: xumeqjmw.exe; Driver: C:\DOKUME~1\Simon\LOKALE~1\Temp\fwriyfog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT                                                                      F7D00DAC                                                                                                                                               ZwClose

SSDT                                                                      F7D00D66                                                                                                                                               ZwCreateKey

SSDT                                                                      F7D00DB6                                                                                                                                               ZwCreateSection

SSDT                                                                      F7D00D5C                                                                                                                                               ZwCreateThread

SSDT                                                                      F7D00D6B                                                                                                                                               ZwDeleteKey

SSDT                                                                      F7D00D75                                                                                                                                               ZwDeleteValueKey

SSDT                                                                      F7D00DA7                                                                                                                                               ZwDuplicateObject

SSDT                                                                      spse.sys                                                                                                                                               ZwEnumerateKey [0xF750EDA4]

SSDT                                                                      spse.sys                                                                                                                                               ZwEnumerateValueKey [0xF750F132]

SSDT                                                                      F7D00D7A                                                                                                                                               ZwLoadKey

SSDT                                                                      spse.sys                                                                                                                                               ZwOpenKey [0xF74F60C0]

SSDT                                                                      F7D00D48                                                                                                                                               ZwOpenProcess

SSDT                                                                      F7D00D4D                                                                                                                                               ZwOpenThread

SSDT                                                                      spse.sys                                                                                                                                               ZwQueryKey [0xF750F20A]

SSDT                                                                      F7D00DCF                                                                                                                                               ZwQueryValueKey

SSDT                                                                      F7D00D84                                                                                                                                               ZwReplaceKey

SSDT                                                                      F7D00DC0                                                                                                                                               ZwRequestWaitReplyPort

SSDT                                                                      F7D00D7F                                                                                                                                               ZwRestoreKey

SSDT                                                                      F7D00DBB                                                                                                                                               ZwSetContextThread

SSDT                                                                      F7D00DC5                                                                                                                                               ZwSetSecurityObject

SSDT                                                                      F7D00D70                                                                                                                                               ZwSetValueKey

SSDT                                                                      F7D00DCA                                                                                                                                               ZwSystemDebugControl

SSDT                                                                      F7D00D57                                                                                                                                               ZwTerminateProcess
 

INT 0x62                                                                  ?                                                                                                                                                      863DABF8

INT 0x63                                                                  ?                                                                                                                                                      8601EF00

INT 0x82                                                                  ?                                                                                                                                                      863DABF8

INT 0x83                                                                  ?                                                                                                                                                      8601EF00

INT 0x83                                                                  ?                                                                                                                                                      8601EF00

INT 0xA4                                                                  ?                                                                                                                                                      8601EF00

INT 0xB4                                                                  ?                                                                                                                                                      8601EF00
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text                                                                     ntoskrnl.exe!_abnormal_termination + 169                                                                                                               804E27C5 3 Bytes  [ED, 50, F7]

?                                                                         spse.sys                                                                                                                                               Das System kann die angegebene Datei nicht finden. !

.sfrelocÿÿÿÿsfsync03unknown last section [0xF7636000, 0xA20, 0x40000040]  C:\WINDOWS\system32\drivers\sfsync03.sys                                                                                                               unknown last section [0xF7636000, 0xA20, 0x40000040]

.text                                                                     USBPORT.SYS!DllUnload                                                                                                                                  F689A8AC 5 Bytes  JMP 8601E4E0 

?                                                                         System32\Drivers\azpxowka.SYS                                                                                                                          Das System kann den angegebenen Pfad nicht finden. !
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT                                                                       \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                                     8636F2D8

IAT                                                                       pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                                                   [F7521DDC] spse.sys

IAT                                                                       pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                                                      [F7521E30] spse.sys

IAT                                                                       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                                     [F74F7042] spse.sys

IAT                                                                       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                             [F74F713E] spse.sys

IAT                                                                       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                                    [F74F70C0] spse.sys

IAT                                                                       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                            [F74F7800] spse.sys

IAT                                                                       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                                    [F74F76D6] spse.sys

IAT                                                                       \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                                   8601E5E0

IAT                                                                       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                     [F7506B90] spse.sys
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT                                                                       C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads\xumeqjmw.exe[1308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]           [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT                                                                       C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads\xumeqjmw.exe[1308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT                                                                       C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads\xumeqjmw.exe[1308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT                                                                       C:\Dokumente und Einstellungen\Simon\Eigene Dateien\Downloads\xumeqjmw.exe[1308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]      [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT                                                                       C:\WINDOWS\Explorer.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                              [02372F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT                                                                       C:\WINDOWS\Explorer.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                     [02372CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT                                                                       C:\WINDOWS\Explorer.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                   [02372D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT                                                                       C:\WINDOWS\Explorer.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                         [02372CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT                                                                       C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                       [003D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT                                                                       C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]              [003D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT                                                                       C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                            [003D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT                                                                       C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                  [003D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
 

---- Devices - GMER 1.0.15 ----
 

Device                                                                    \FileSystem\Ntfs \Ntfs                                                                                                                                 863D91F8

Device                                                                    \FileSystem\Fastfat \FatCdrom                                                                                                                          85DAD500

Device                                                                    \FileSystem\Udfs \UdfsCdRom                                                                                                                            8607F360

Device                                                                    \FileSystem\Udfs \UdfsDisk                                                                                                                             8607F360

Device                                                                    \Driver\usbuhci \Device\USBPDO-0                                                                                                                       861F51F8

Device                                                                    \Driver\PCI_PNP7652 \Device\00000044                                                                                                                   spse.sys

Device                                                                    \Driver\PCI_PNP7652 \Device\00000044                                                                                                                   spse.sys

Device                                                                    \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                                              8636D1F8

Device                                                                    \Driver\dmio \Device\DmControl\DmConfig                                                                                                                8636D1F8

Device                                                                    \Driver\dmio \Device\DmControl\DmPnP                                                                                                                   8636D1F8

Device                                                                    \Driver\dmio \Device\DmControl\DmInfo                                                                                                                  8636D1F8

Device                                                                    \Driver\usbuhci \Device\USBPDO-1                                                                                                                       861F51F8

Device                                                                    \Driver\usbuhci \Device\USBPDO-2                                                                                                                       861F51F8

Device                                                                    \Driver\usbuhci \Device\USBPDO-3                                                                                                                       861F51F8

Device                                                                    \Driver\usbehci \Device\USBPDO-4                                                                                                                       861F41F8

Device                                                                    \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                 863DB1F8

Device                                                                    \Driver\Cdrom \Device\CdRom0                                                                                                                           860041F8

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17                                                                                                           [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17                                                                                                           sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                                            [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                                            sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device                                                                    \Driver\atapi \Device\Ide\IdePort0                                                                                                                     [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdePort0                                                                                                                     sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device                                                                    \Driver\atapi \Device\Ide\IdePort1                                                                                                                     [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdePort1                                                                                                                     sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f                                                                                                            [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device                                                                    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f                                                                                                            sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device                                                                    \Driver\Cdrom \Device\CdRom1                                                                                                                           860041F8

Device                                                                    \Driver\Cdrom \Device\CdRom2                                                                                                                           860041F8

Device                                                                    \Driver\Cdrom \Device\CdRom3                                                                                                                           860041F8

Device                                                                    \Driver\Cdrom \Device\CdRom4                                                                                                                           860041F8

Device                                                                    \Driver\Cdrom \Device\CdRom5                                                                                                                           860041F8

Device                                                                    \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                863321F8

Device                                                                    \Driver\NetBT \Device\NetbiosSmb                                                                                                                       863321F8

Device                                                                    \Driver\sptd \Device\754443902                                                                                                                         spse.sys

Device                                                                    \Driver\sptd \Device\754443902                                                                                                                         spse.sys

Device                                                                    \Driver\usbuhci \Device\USBFDO-0                                                                                                                       861F51F8

Device                                                                    \Driver\usbuhci \Device\USBFDO-1                                                                                                                       861F51F8

Device                                                                    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                      85D911F8

Device                                                                    \Driver\usbuhci \Device\USBFDO-2                                                                                                                       861F51F8

Device                                                                    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                            85D911F8

Device                                                                    \Driver\usbuhci \Device\USBFDO-3                                                                                                                       861F51F8

Device                                                                    \Driver\usbehci \Device\USBFDO-4                                                                                                                       861F41F8

Device                                                                    \Driver\Ftdisk \Device\FtControl                                                                                                                       863DB1F8

Device                                                                    \Driver\NetBT \Device\NetBT_Tcpip_{293D4BF7-24FC-4BF8-BF9C-B28219D622E8}                                                                               863321F8

Device                                                                    \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target2Lun0                                                                                           85FFE1F8

Device                                                                    \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target2Lun0                                                                                           sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device                                                                    \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target0Lun0                                                                                           85FFE1F8

Device                                                                    \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target0Lun0                                                                                           sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device                                                                    \Driver\azpxowka \Device\Scsi\azpxowka1                                                                                                                85FFE1F8

Device                                                                    \Driver\azpxowka \Device\Scsi\azpxowka1                                                                                                                sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device                                                                    \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target1Lun0                                                                                           85FFE1F8

Device                                                                    \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target1Lun0                                                                                           sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device                                                                    \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target3Lun0                                                                                           85FFE1F8

Device                                                                    \Driver\azpxowka \Device\Scsi\azpxowka1Port2Path0Target3Lun0                                                                                           sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device                                                                    \FileSystem\Fastfat \Fat                                                                                                                               85DAD500
 

AttachedDevice                                                            \FileSystem\Fastfat \Fat                                                                                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

Device                                                                    \FileSystem\Cdfs \Cdfs                                                                                                                                 8602F398
 

---- Registry - GMER 1.0.15 ----
 

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                     771343423

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                     285507792

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                     2

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                       

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                    0x00 0x00 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                    0

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                 0xD8 0x09 0x9C 0xEB ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                       

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                    C:\Programme\DAEMON Tools\

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                    1

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                 0x5F 0xDC 0xAF 0x22 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                              

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                           0x20 0x01 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                        0x46 0x08 0xD3 0xB8 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                        

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                  0xCC 0xBA 0x5C 0x48 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                                                        

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                                  0x6F 0x72 0x4E 0x36 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                                                        

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                                                  0xF0 0x3A 0xA6 0x55 ...

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43                                                        

Reg                                                                       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                                                  0x5E 0x09 0x18 0x1E ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                   

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                        0x00 0x00 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                        0

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                     0xD8 0x09 0x9C 0xEB ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                   

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                        C:\Programme\DAEMON Tools\

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                        1

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                     0x5F 0xDC 0xAF 0x22 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                          

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                               0x20 0x01 0x00 0x00 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                            0x46 0x08 0xD3 0xB8 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                    

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                      0xCC 0xBA 0x5C 0x48 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)                                    

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                                      0x6F 0x72 0x4E 0x36 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)                                    

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                                                      0xF0 0x3A 0xA6 0x55 ...

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)                                    

Reg                                                                       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                                                      0x5E 0x09 0x18 0x1E ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Der alarm von Antivir beim entpacken von OSAM als TR/ Gendal ist also Fehlalarm?