Pests of All Kinds and How to Combat Them: Facebook virus

07.10.2011, 14:28   #1
madie2712

Hello everyone,

like so many others, I too have managed to catch the "Facebook virus".
A friend quite innocently sent me a supposed image file via Facebook message and I clicked on it. Stupid as I was, I then also downloaded the virus (hxxp://www.allezdax.com/images/img.php?image=IMG0085976472940.JPG). It then disguised itself as a screensaver (.src). Shortly afterwards it forwarded itself via Facebook to all my friends on its own. That is when I knew something was wrong. Friends of mine warned about the link on FB and said it was a Trojan. But for me this warning unfortunately came too late. The first thing I did was delete the downloaded file. Nevertheless, the virus kept sending itself via Facebook every few minutes. So I looked in my Task Manager and saw some processes that seemed strange to me, for example 7090972.exe. I deleted the processes in Task Manager, but they kept reappearing (under other number combinations). They were stored under C:\Users\Marco\AppData\Local\Temp. I deleted them there too, but new ones kept appearing. I also ran Windows Defender over it, and twice it found the following virus and moved it to quarantine: Trojan:Win32/Alureon.DX. But I still was not sure whether that was everything. I heard from a friend that it likes to copy itself into the autorun. So I looked there and immediately found something. The process had exactly the same icon as the processes I had previously deleted in Task Manager. It was called winsvc.exe. I then googled it and found out that it is a relatively well-known ICQ virus. I found this especially helpful: hxxp://forum.chip.de/viren-trojaner-wuermer/infos-icq-messenger-wurm-schau-dir-mal-foto-1372924.html . I then deleted the file from the autorun and looked at where it was stored.
I had my hidden files displayed and deleted winsvc.exe and the associated folder (C:\Users\Marco\M-1-52-5782-8752-5245). winsvc.exe was also in Task Manager. I deleted it there too. The autostart info showed the following:

Beschreibung: Nicht verfügbar
Herausgeber:
Digital signiert von: NICHT SIGNIERT
Dateityp: Anwendung
Startwert: C:\Users\Marco\M-1-52-5782-8752-5245\winsvc.exe
Dateipfad: C:\Users\Marco\M-1-52-5782-8752-5245\winsvc.exe
Dateigröße: 86016
Dateiversion: 2, 0, 0, 0
Installationsdatum: 05.10.2011 15:54:02
Starttyp: Registrierung: Aktueller Benutzer
Speicherort: Software\Microsoft\Windows\CurrentVersion\Run
Klassifizierung: Noch nicht klassifiziert
Im Betriebssystem enthalten: Nein
SpyNet-Abstimmung: Nicht verfügbar

Well, today I turned on my PC, did not find winsvc.exe any more, and the folder it was stored in no longer exists either. I then also went on FB to see whether I was still sending the links automatically, but I am not doing that any more.

My question is: do I still have the virus without noticing it, or am I rid of it? If I still have it, is there a chance of getting rid of it without formatting the hard drive, or is that not possible?
My PC has been working flawlessly so far, unlike others for whom nothing works at all any more. Actually, my antivirus program (Avira AntiVir Personal Free) should prevent me from downloading a Trojan in the first place, right?

I am also still sceptical about another process in my Task Manager. It is called nvvsvc.exe. It is actually a driver from NVIDIA, but when I googled it I also learned that it could be a Trojan (hxxp://www.datei.info/was_ist/nvvsvc_exe.html). I then got Security Task Manager (trial version) and had a look. It found 2 nvvsvc.exe files. I checked one of them, but nothing was found! Also, the files have not been modified since April 2010. I am assuming they pose no danger, right?

I have now described my problem as precisely as possible and hope you can help me. My main concern is to find out whether my PC is still infected!

Many thanks in advance,

Regards, Marco
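
An added example, not part of the original posts: the autostart record quoted in post #1 combines three things worth triaging together, an unsigned executable, a user-writable folder and the per-user Run key. The sketch below parses records in that field layout and flags such entries; the second record, the function names and the flag labels are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath  # Windows path rules on any OS

# Constructed sample. Record 1 copies fields from the autostart entry quoted
# in post #1; record 2 is an invented benign entry for contrast.
SAMPLE_RECORDS = r"""
Beschreibung: Nicht verfügbar
Herausgeber:
Digital signiert von: NICHT SIGNIERT
Startwert: C:\Users\Marco\M-1-52-5782-8752-5245\winsvc.exe
Dateipfad: C:\Users\Marco\M-1-52-5782-8752-5245\winsvc.exe
Starttyp: Registrierung: Aktueller Benutzer
Speicherort: Software\Microsoft\Windows\CurrentVersion\Run

Beschreibung: Example Updater (constructed)
Herausgeber: Example Corp
Digital signiert von: Example Corp
Startwert: C:\Program Files\Example\updater.exe
Dateipfad: C:\Program Files\Example\updater.exe
Starttyp: Registrierung: Aktueller Benutzer
Speicherort: Software\Microsoft\Windows\CurrentVersion\Run
"""

# Folder names shaped like a Windows SID (letter, then dash-separated numbers),
# as in the folder name reported in the post.
SID_LIKE = re.compile(r"^[A-Z]-\d+(?:-\d+){3,}$")


def parse_records(text):
    """Split blank-line separated 'Key: Value' blocks into dictionaries."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        # Split at the first colon only: values contain colons (C:\..., Registrierung: ...).
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def triage(record):
    """Return the list of flags (hypothetical labels) that apply to one record."""
    flags = []
    if record.get("Digital signiert von", "") in ("", "NICHT SIGNIERT"):
        flags.append("unsigned")
    raw_path = record.get("Dateipfad") or record.get("Startwert", "")
    path = PureWindowsPath(raw_path.strip('"'))
    parts = path.parts
    # <drive>\Users\<name>\... is writable by that user without elevation.
    if len(parts) >= 4 and parts[1].lower() == "users":
        flags.append("user-writable-path")
    if any(SID_LIKE.match(p) for p in parts[:-1]):
        flags.append("sid-like-folder")
    per_user = "Aktueller Benutzer" in record.get("Starttyp", "")
    run_key = record.get("Speicherort", "").lower().endswith(r"currentversion\run")
    if per_user and run_key:
        flags.append("hkcu-run-key")
    return flags


def is_suspicious(record):
    """An HKCU Run entry alone is normal; unsigned plus user-writable is not."""
    flags = triage(record)
    return "unsigned" in flags and "user-writable-path" in flags


def report(text):
    """Return (path, flags) for every record that needs a closer look."""
    return [(r.get("Dateipfad", ""), triage(r))
            for r in parse_records(text) if is_suspicious(r)]


if __name__ == "__main__":
    for path, flags in report(SAMPLE_RECORDS):
        print(path, "->", ", ".join(flags))
```
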

07.10.2011, 16:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

07.10.2011, 21:35   #3
madie2712

Hey,

thanks a lot already for the answer. I have now run Malwarebytes and 24 viruses were found. Here is the log file:

Quote:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7894

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

07.10.2011 22:29:29
mbam-log-2011-10-07 (22-29-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 434166
Laufzeit: 4 Stunde(n), 43 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 16

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Marco\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\34EXUOXS\stat[1].exe (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\CFHD0OZ3\stl[1].exe (Trojan.Agent) -> No action taken.
c:\Users\Marco\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\WT6QTOVU\st[1].exe (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\Y8NP1XUO\m[1].exe (Trojan.Agent) -> No action taken.
c:\Users\Marco\AppData\Local\Temp\B37.tmp (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\Temp\setup4148544652.exe (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\Temp\9560740.exe (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\Temp\setup1303006524.exe (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\Temp\setup2656064360.exe (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\Temp\setup2901868296.exe (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\Temp\setup3107147840.exe (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\Temp\setup3370872924.exe (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\Temp\setup3767089928.exe (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\Temp\setup497320560.exe (Rootkit.TDSS) -> No action taken.
c:\Users\Marco\AppData\Local\Temp\setup961495652.exe (Rootkit.TDSS) -> No action taken.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

I will now remove the 24 viruses...

07.10.2011, 21:45   #4
madie2712

Here is the new logfile:

Quote:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7894

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

07.10.2011 22:37:29
mbam-log-2011-10-07 (22-37-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 434166
Laufzeit: 4 Stunde(n), 43 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 16

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Marco\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\34EXUOXS\stat[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\CFHD0OZ3\stl[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\WT6QTOVU\st[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\Y8NP1XUO\m[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\B37.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\setup4148544652.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\9560740.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\setup1303006524.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\setup2656064360.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\setup2901868296.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\setup3107147840.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\setup3370872924.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\setup3767089928.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\setup497320560.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\setup961495652.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

08.10.2011, 13:14   #5
madie2712

And here is the ESET logfile:

Quote:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=9649eea70708a147b5268da8c887fa4f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-07 10:27:43
# local_time=2011-10-08 12:27:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 138407 54554056 93479 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 840 155553528 0 0
# compatibility_mode=8192 67108863 100 0 117 117 0 0
# scanned=168907
# found=2
# cleaned=0
# scan_time=5662
C:\Program Files\ICQ Away Reader\ICQ Away Reader.exe probably a variant of Win32/VB.NPY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marco\AppData\Local\Temp\OCS\27\ICQ Away Reader 1.4 Setup.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=9649eea70708a147b5268da8c887fa4f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-08 12:07:01
# local_time=2011-10-08 02:07:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 178538 54594187 133610 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 415 155593659 0 0
# compatibility_mode=8192 67108863 100 0 40248 40248 0 0
# scanned=279664
# found=2
# cleaned=0
# scan_time=14690
C:\Program Files\ICQ Away Reader\ICQ Away Reader.exe probably a variant of Win32/VB.NPY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marco\AppData\Local\Temp\OCS\27\ICQ Away Reader 1.4 Setup.exe multiple threats (unable to clean) 00000000000000000000000000000000 I


08.10.2011, 17:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

09.10.2011, 16:16   #7
madie2712

Here is the OTL.txt from midday today:

OTL logfile:
Code:
OTL logfile created on: 09.10.2011 15:08:35 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Marco\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,22% Memory free
4,23 Gb Paging File | 3,13 Gb Available in Paging File | 73,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 92,67 Gb Free Space | 42,82% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 85,77 Gb Free Space | 79,99% Space Free | Partition Type: NTFS
 
Computer Name: MARCO-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.09 15:04:40 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
PRC - [2011.07.04 16:39:13 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.07.04 16:39:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.01 13:49:26 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.06.22 14:21:11 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011.04.28 14:33:24 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.12.06 17:48:53 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009.10.19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
PRC - [2009.07.07 19:49:20 | 000,040,960 | ---- | M] () -- C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.27 12:44:02 | 001,126,400 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2005.12.20 10:06:54 | 000,323,584 | ---- | M] () -- C:\Program Files\Office-Bibliothek\PCLib.exe
PRC - [2002.10.15 19:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (C-Media Electronics, Inc.)) -- C:\Windows\mixer.exe
PRC - [2001.01.04 13:22:40 | 000,135,168 | ---- | M] () -- C:\Windows\System32\TXTUSER.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.03 10:56:44 | 000,315,392 | ---- | M] () -- C:\Program Files\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2009.10.19 18:59:12 | 000,274,432 | ---- | M] () -- C:\Program Files\D-Link\DWA-125 revA\WlanApp.dll
MOD - [2008.03.27 12:44:02 | 001,126,400 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
MOD - [2008.03.27 12:43:24 | 000,069,632 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\MonitorGerRes.dll
MOD - [2008.03.27 12:43:20 | 000,049,152 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\MSGHOOK.dll
MOD - [2008.03.27 12:43:16 | 000,090,112 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\ACRHOOK.dll
MOD - [2008.03.27 12:43:14 | 000,122,880 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\ApplicationManager.dll
MOD - [2008.03.27 12:42:58 | 000,077,824 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\ProtocolEngine.dll
MOD - [2008.03.27 12:42:52 | 000,163,840 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\DeviceManager.dll
MOD - [2008.03.27 12:42:46 | 000,077,824 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\ErrorHandler.dll
MOD - [2006.02.09 11:03:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Office-Bibliothek\OLEACC.dll
MOD - [2005.12.20 10:06:54 | 000,323,584 | ---- | M] () -- C:\Program Files\Office-Bibliothek\PCLib.exe
MOD - [2005.12.20 10:06:54 | 000,176,128 | ---- | M] () -- C:\Program Files\Office-Bibliothek\PAGOFFBIB.dll
MOD - [2001.03.12 18:02:08 | 000,045,056 | ---- | M] () -- C:\Program Files\Office-Bibliothek\KDMod.dll
MOD - [2001.03.07 15:09:14 | 000,049,152 | ---- | M] () -- C:\Program Files\Office-Bibliothek\KDHook.dll
MOD - [2001.01.17 09:50:28 | 000,266,310 | ---- | M] () -- C:\Program Files\Office-Bibliothek\activepg.dll
MOD - [2001.01.04 13:22:40 | 000,135,168 | ---- | M] () -- C:\Windows\System32\TXTUSER.EXE
MOD - [1999.12.16 10:33:34 | 000,032,768 | ---- | M] () -- C:\Program Files\Office-Bibliothek\KapKey.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.04 16:39:13 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.07.04 16:39:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.04.28 14:33:24 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.08.21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2009.07.07 19:49:20 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.04 16:39:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 16:39:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.05.18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.05.18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.05.18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.05.20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.03.04 13:50:14 | 000,261,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.09.15 13:47:44 | 000,798,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009.03.13 20:28:11 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.13 19:34:11 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.03.13 19:34:10 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.03.06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.27 12:42:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2008.03.27 12:42:46 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.04.03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2002.11.18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmaudio.sys -- (cmpci)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.4.15
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://localhost:9100/proxy.pac"
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marco\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marco\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.22 14:21:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.01 17:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.22 14:22:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.20 10:21:16 | 000,000,000 | ---D | M]
 
[2008.07.02 18:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions
[2011.10.06 19:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\vwpkr5y2.default\extensions
[2011.04.07 17:57:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\vwpkr5y2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.01 17:23:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\vwpkr5y2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.08.20 09:50:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\vwpkr5y2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.24 22:38:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\vwpkr5y2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.09.17 13:58:10 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\vwpkr5y2.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2011.08.20 09:50:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\vwpkr5y2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.26 18:56:44 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus WebGuard") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\vwpkr5y2.default\extensions\toolbar@ask.com
[2011.10.07 22:51:52 | 000,000,950 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\vwpkr5y2.default\searchplugins\icqplugin-1.xml
[2011.08.21 06:03:31 | 000,000,950 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\vwpkr5y2.default\searchplugins\icqplugin-2.xml
[2011.07.24 18:27:39 | 000,001,056 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\vwpkr5y2.default\searchplugins\icqplugin.xml
[2011.05.08 11:50:51 | 000,002,306 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\vwpkr5y2.default\searchplugins\wot-safe-search.xml
[2011.09.12 13:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.07.20 15:20:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.12 10:32:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.29 11:52:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.09.12 13:59:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.04.07 18:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2011.04.07 18:22:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\MARCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VWPKR5Y2.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011.07.01 17:23:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.01 17:22:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.01 17:22:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.07.01 17:22:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.01 17:22:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.01 17:22:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.07.01 17:22:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0\
CHR - Extension: No name found = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: No name found = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\CRX_INSTALL\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Ecosia Class) - {7E783154-F54B-4af6-8C01-0A3E744B5DC8} - C:\Program Files\Ecosia\ecosia.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ecosia Search) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Program Files\Ecosia\ecosia.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe File not found
O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PacificPoker4\pacificpoker.exe (Cassava Ent.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8070E2F1-39F7-41C4-A3BA-6F3CF1A2778D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{876D2F1B-9044-4E3B-9B44-1D7B26C597C1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A1D3158-0FDB-49BF-903C-48BBF159B74E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF125BE6-65A0-4475-B134-D983EA723FDE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marco\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marco\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{102b8fa8-b62e-11dc-ba42-0019214bf90b}\Shell - "" = AutoRun
O33 - MountPoints2\{102b8fa8-b62e-11dc-ba42-0019214bf90b}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{48040901-5a83-11df-9543-0019214bf90b}\Shell - "" = AutoRun
O33 - MountPoints2\{48040901-5a83-11df-9543-0019214bf90b}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{9b6bb017-72ea-11df-8ca6-1caff76ceeda}\Shell\AutoRun\command - "" = K:\cdrun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Marco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NokiaMusic FastStart - hkey= - key= - C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: recinfo566 - hkey= - key= - c:\RecInfo\RecInfo.exe ()
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{92e1da6e-1c89-4e33-a216-35e1f2730501} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.09 15:04:40 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
[2011.10.07 22:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.07 22:50:47 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Marco\Desktop\esetsmartinstaller_enu.exe
[2011.10.07 15:55:34 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Malwarebytes
[2011.10.07 15:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.07 15:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.07 15:54:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.07 15:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.07 14:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.10.07 14:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.10.07 14:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011.10.05 17:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011.10.03 16:28:33 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\AskToolbar
[2011.09.12 14:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008.03.08 20:49:30 | 001,581,056 | ---- | C] (C-Media Electronic Inc. (C-Media Electronics, Inc.)) -- C:\Program Files\MIXER.EXE
[2008.03.08 20:49:30 | 000,765,952 | ---- | C] (Sensaura Ltd) -- C:\Program Files\CRLDS3D.DLL
[2008.03.08 20:49:30 | 000,712,704 | ---- | C] (Sensaura Ltd) -- C:\Program Files\AUDIO3D.DLL
[2008.03.08 20:49:30 | 000,379,726 | ---- | C] (C-Media Inc) -- C:\Program Files\CMAUDIO.SYS
[2008.03.08 20:49:30 | 000,139,264 | ---- | C] (C-Media Electronics Inc.) -- C:\Program Files\CMUNINST.EXE
[2008.03.08 20:49:30 | 000,135,168 | ---- | C] (C-Media Electronics Inc.) -- C:\Program Files\CMUNINST.DAT
[2008.03.08 20:49:30 | 000,032,768 | ---- | C] (C-Media Corporation) -- C:\Program Files\CMNPROP.DLL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.09 15:09:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.09 15:04:40 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
[2011.10.09 15:04:22 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{8A1D3158-0FDB-49BF-903C-48BBF159B74E}
[2011.10.09 15:04:22 | 000,003,284 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\ANIWZCS{8A1D3158-0FDB-49BF-903C-48BBF159B74E}
[2011.10.09 14:52:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.09 14:52:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.09 14:50:59 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3031781222-362818493-2526903559-1000UA.job
[2011.10.09 14:09:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.09 12:53:10 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME
[2011.10.09 12:53:03 | 000,052,741 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.10.09 12:53:03 | 000,052,741 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.10.09 12:52:51 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{8A1D3158-0FDB-49BF-903C-48BBF159B74E}
[2011.10.09 12:52:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.09 12:52:35 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.07 22:53:13 | 000,052,846 | ---- | M] () -- C:\Users\Marco\Documents\virus2.JPG
[2011.10.07 22:50:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Marco\Desktop\esetsmartinstaller_enu.exe
[2011.10.07 20:51:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3031781222-362818493-2526903559-1000Core.job
[2011.10.07 15:54:40 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.07 14:52:13 | 000,002,088 | ---- | M] () -- C:\Users\Marco\Desktop\Google Chrome.lnk
[2011.10.06 18:11:40 | 000,126,395 | ---- | M] () -- C:\Users\Marco\Documents\virus.JPG
[2011.10.05 17:48:11 | 000,755,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.05 17:48:11 | 000,715,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.05 17:48:11 | 000,177,310 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.05 17:48:11 | 000,150,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.27 22:54:41 | 000,044,544 | ---- | M] () -- C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.07 22:53:08 | 000,052,846 | ---- | C] () -- C:\Users\Marco\Documents\virus2.JPG
[2011.10.07 15:54:40 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.06 18:11:38 | 000,126,395 | ---- | C] () -- C:\Users\Marco\Documents\virus.JPG
[2011.10.05 15:54:28 | 000,073,728 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\chrtmp
[2010.08.03 20:27:12 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.07.15 20:49:23 | 000,000,093 | ---- | C] () -- C:\Users\Marco\AppData\Local\fusioncache.dat
[2010.06.21 17:36:22 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2010.06.21 17:36:22 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2010.06.21 17:36:17 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.06.03 10:58:52 | 000,003,284 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\ANIWZCS{8A1D3158-0FDB-49BF-903C-48BBF159B74E}
[2010.06.03 10:53:38 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010.06.03 10:53:38 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2010.04.24 17:48:09 | 000,052,741 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.04.24 17:48:07 | 000,052,741 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.24 16:54:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.04.24 16:52:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.04.24 16:52:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.20 18:01:43 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.24 10:34:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.03.13 19:34:11 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.03.13 19:34:10 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.03 14:34:29 | 000,103,024 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.09.21 14:42:55 | 000,017,089 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\UserTile.png
[2008.07.31 09:35:39 | 000,002,032 | ---- | C] () -- C:\Users\Marco\AppData\Local\d3d9caps.dat
[2008.04.19 19:32:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.03.08 20:49:30 | 000,011,917 | ---- | C] () -- C:\Program Files\GMUSES.INF
[2008.03.08 20:31:22 | 000,039,260 | ---- | C] () -- C:\Windows\cmijack.dat
[2008.03.08 20:31:22 | 000,022,337 | ---- | C] () -- C:\Windows\cmaudio.dat
[2008.01.13 11:13:22 | 000,024,388 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\.googlewebacchosts
[2008.01.01 17:56:54 | 000,044,544 | ---- | C] () -- C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.29 19:01:11 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2007.12.25 16:06:42 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007.12.25 10:52:46 | 000,000,262 | ---- | C] () -- C:\Windows\game.ini
[2007.12.24 19:44:54 | 000,135,168 | ---- | C] () -- C:\Windows\System32\TXTUSER.EXE
[2006.11.02 21:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 17:33:31 | 000,755,992 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,177,310 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,276,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,715,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,150,934 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== LOP Check ==========
 
[2007.12.24 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\10 Finger BreakOut
[2010.07.11 22:22:01 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Ahnenblatt
[2008.07.01 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\App Launcher Gadget
[2010.07.01 17:59:17 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\concept design
[2011.05.29 16:18:42 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Diercke Globus Online
[2011.02.15 17:47:35 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\elsterformular
[2011.10.07 17:58:31 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\ICQ
[2008.01.11 16:21:41 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\ICQ Toolbar
[2010.03.07 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\kikin
[2009.11.24 17:22:28 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Nokia
[2009.11.24 17:13:11 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Nokia Ovi Suite
[2010.01.15 16:12:16 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Notepad++
[2010.04.01 10:10:54 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\OpenOffice.org
[2010.11.28 12:21:09 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Opera
[2009.11.24 17:22:26 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\PC Suite
[2008.06.25 18:17:23 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\PeerNetworking
[2010.12.29 14:46:18 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Ubisoft
[2011.10.08 16:53:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2007.12.24 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\10 Finger BreakOut
[2008.01.07 19:41:17 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Adobe
[2010.07.11 22:22:01 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Ahnenblatt
[2008.07.01 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\App Launcher Gadget
[2008.03.15 20:12:42 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Apple Computer
[2010.12.02 14:21:43 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Avira
[2009.05.21 17:18:06 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\AVS4YOU
[2010.07.01 17:59:17 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\concept design
[2008.03.05 15:01:35 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\COREL
[2011.05.29 16:18:42 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Diercke Globus Online
[2011.02.15 17:47:35 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\elsterformular
[2008.01.13 11:09:07 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Google
[2009.03.13 20:43:40 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Hamachi
[2011.10.07 17:58:31 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\ICQ
[2008.01.11 16:21:41 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\ICQ Toolbar
[2007.12.24 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Identities
[2007.12.24 20:36:14 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\InstallShield
[2010.03.07 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\kikin
[2007.12.24 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Macromedia
[2011.10.07 15:55:34 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Media Center Programs
[2010.09.16 18:19:07 | 000,000,000 | --SD | M] -- C:\Users\Marco\AppData\Roaming\Microsoft
[2009.04.04 13:15:53 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Move Networks
[2008.07.02 18:52:25 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Mozilla
[2008.04.18 16:30:51 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Nero
[2009.11.24 17:22:28 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Nokia
[2009.11.24 17:13:11 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Nokia Ovi Suite
[2010.01.15 16:12:16 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Notepad++
[2010.04.01 10:10:54 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\OpenOffice.org
[2010.04.01 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\OpenOffice.org2
[2010.11.28 12:21:09 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Opera
[2009.11.24 17:22:26 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\PC Suite
[2008.06.25 18:17:23 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\PeerNetworking
[2011.06.22 14:23:34 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Real
[2011.04.03 17:34:41 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Skype
[2011.04.03 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\skypePM
[2008.01.22 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\teamspeak2
[2010.05.08 11:31:22 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\U3
[2010.12.29 14:46:18 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Ubisoft
 
< %APPDATA%\*.exe /s >
[2010.06.01 14:52:59 | 000,706,630 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Ahnenblatt\unins000.exe
[2009.02.12 20:37:34 | 000,097,144 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009.04.04 13:15:53 | 000,034,062 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2010.08.16 21:34:20 | 000,184,856 | ---- | M] (kikin) -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\vwpkr5y2.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\KikinCrashReporter.exe
[2010.07.09 10:42:45 | 069,222,840 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
[2011.01.23 19:05:01 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marco\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011.06.18 19:45:56 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marco\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe
[2011.06.18 22:46:33 | 026,472,592 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marco\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_data\RealPlayer_de.exe
[2011.06.18 22:46:11 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marco\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_exe\RealPlayer_de.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Marco\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.11.08 14:38:42 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_cb7c81c7\AGP440.sys
[2007.11.08 14:38:42 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20598_none_b85cfa98dae9b436\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2007.11.08 15:33:55 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=28D0C21DB4FFED1BBFB42E9AA34E0C0D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_37a5f048\atapi.sys
[2007.11.08 15:33:55 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=28D0C21DB4FFED1BBFB42E9AA34E0C0D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20658_none_dbad770d3da236bb\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 18:13:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 18:13:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 18:13:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.14 18:13:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\drivers\nvstor32.sys
[2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_bbf77119\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.08 14:11:33 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=3322B167C8F76319C991B851514DFAC9 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20587_none_cb8c4940898e24a6\user32.dll
[2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.11.08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\drivers\viamraid.sys
[2006.11.08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_74a36694\viamraid.sys
 
< MD5 for: WININIT.EXE  >
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2007.11.08 14:13:38 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2007.11.08 14:13:38 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.11.08 13:15:41 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.11.08 13:15:39 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.11.08 13:15:41 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.11.08 13:15:47 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.11.08 13:15:48 | 006,021,120 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---

10.10.2011, 11:42   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ecosia Search) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Program Files\Ecosia\ecosia.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{102b8fa8-b62e-11dc-ba42-0019214bf90b}\Shell - "" = AutoRun
O33 - MountPoints2\{102b8fa8-b62e-11dc-ba42-0019214bf90b}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{48040901-5a83-11df-9543-0019214bf90b}\Shell - "" = AutoRun
O33 - MountPoints2\{48040901-5a83-11df-9543-0019214bf90b}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{9b6bb017-72ea-11df-8ca6-1caff76ceeda}\Shell\AutoRun\command - "" = K:\cdrun.exe
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

10.10.2011, 21:51   #9
madie2712
 

Hello,

I did it pretty much exactly as described above. But after a few minutes Vista throws an error message, along the lines of "OTL has stopped working".
Also, my explorer.exe crashes while it is running... or is that intended? (I started it again with Task Manager.)

Thanks in advance,

Regards, Marco

11.10.2011, 09:55   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
But after a few minutes Vista throws an error message, along the lines of "OTL has stopped working"
Are you absolutely sure OTL was started via right-click => Run as administrator?

11.10.2011, 19:39   #11
madie2712
 

Hello,

strangely enough it has now worked after all, even though I was sure that I had run OTL as administrator. Here is the log file:

Quote:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493}\ not found.
File C:\Program Files\Ecosia\ecosia.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{102b8fa8-b62e-11dc-ba42-0019214bf90b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{102b8fa8-b62e-11dc-ba42-0019214bf90b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{102b8fa8-b62e-11dc-ba42-0019214bf90b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{102b8fa8-b62e-11dc-ba42-0019214bf90b}\ not found.
File K:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48040901-5a83-11df-9543-0019214bf90b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48040901-5a83-11df-9543-0019214bf90b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48040901-5a83-11df-9543-0019214bf90b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48040901-5a83-11df-9543-0019214bf90b}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b6bb017-72ea-11df-8ca6-1caff76ceeda}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b6bb017-72ea-11df-8ca6-1caff76ceeda}\ not found.
File K:\cdrun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marco
->Temp folder emptied: 34319 bytes
->Temporary Internet Files folder emptied: 190142 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 419960 bytes
->Flash cache emptied: 1061 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 298388806 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 285,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10112011_203138

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 11.10.2011, 20:41   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click on Start Scan, and when it has finished, click the Report button to display the log. Please post it in full.




If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post logfiles in CODE tags

Alt 12.10.2011, 14:29   #13
madie2712
 

Kaspersky found 6 viruses. I deleted them. I hope this is the right report:
Quote:
15:26:57.0282 6060 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
15:26:58.0156 6060 ============================================================
15:26:58.0156 6060 Current date / time: 2011/10/12 15:26:58.0156
15:26:58.0156 6060 SystemInfo:
15:26:58.0156 6060
15:26:58.0156 6060 OS Version: 6.0.6002 ServicePack: 2.0
15:26:58.0156 6060 Product type: Workstation
15:26:58.0156 6060 ComputerName: MARCO-PC
15:26:58.0157 6060 UserName: Marco
15:26:58.0157 6060 Windows directory: C:\Windows
15:26:58.0157 6060 System windows directory: C:\Windows
15:26:58.0157 6060 Processor architecture: Intel x86
15:26:58.0157 6060 Number of processors: 4
15:26:58.0157 6060 Page size: 0x1000
15:26:58.0157 6060 Boot type: Normal boot
15:26:58.0157 6060 ============================================================
15:26:59.0081 6060 Initialize success

Alt 12.10.2011, 17:23   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Nope, that's the wrong log. The full log should be found directly on C:
__________________
Please always post logfiles in CODE tags

Alt 12.10.2011, 17:36   #15
madie2712
 

Okay, sorry, then it's probably this one:

Quote:
15:17:24.0388 1676 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
15:17:24.0498 1676 ============================================================
15:17:24.0498 1676 Current date / time: 2011/10/12 15:17:24.0498
15:17:24.0498 1676 SystemInfo:
15:17:24.0498 1676
15:17:24.0498 1676 OS Version: 6.0.6002 ServicePack: 2.0
15:17:24.0498 1676 Product type: Workstation
15:17:24.0498 1676 ComputerName: MARCO-PC
15:17:24.0498 1676 UserName: Marco
15:17:24.0498 1676 Windows directory: C:\Windows
15:17:24.0498 1676 System windows directory: C:\Windows
15:17:24.0498 1676 Processor architecture: Intel x86
15:17:24.0498 1676 Number of processors: 4
15:17:24.0498 1676 Page size: 0x1000
15:17:24.0498 1676 Boot type: Normal boot
15:17:24.0498 1676 ============================================================
15:17:25.0410 1676 Initialize success
15:17:31.0104 4092 ============================================================
15:17:31.0104 4092 Scan started
15:17:31.0104 4092 Mode: Manual; SigCheck; TDLFS;
15:17:31.0104 4092 ============================================================
15:17:32.0516 4092 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:17:32.0663 4092 ACPI - ok
15:17:32.0985 4092 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:17:33.0058 4092 adp94xx - ok
15:17:33.0099 4092 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:17:33.0115 4092 adpahci - ok
15:17:33.0148 4092 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:17:33.0175 4092 adpu160m - ok
15:17:33.0201 4092 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:17:33.0213 4092 adpu320 - ok
15:17:33.0394 4092 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:17:33.0441 4092 AFD - ok
15:17:33.0532 4092 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
15:17:33.0543 4092 agp440 - ok
15:17:33.0583 4092 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:17:33.0594 4092 aic78xx - ok
15:17:33.0614 4092 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
15:17:33.0624 4092 aliide - ok
15:17:33.0634 4092 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
15:17:33.0645 4092 amdagp - ok
15:17:33.0675 4092 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
15:17:33.0699 4092 amdide - ok
15:17:33.0739 4092 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:17:33.0884 4092 AmdK7 - ok
15:17:34.0158 4092 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
15:17:34.0211 4092 AmdK8 - ok
15:17:34.0532 4092 anodlwf (48e008cf2edcf8fc91a9d3507865a51d) C:\Windows\system32\DRIVERS\anodlwf.sys
15:17:34.0623 4092 anodlwf - ok
15:17:34.0892 4092 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:17:34.0904 4092 arc - ok
15:17:35.0267 4092 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:17:35.0280 4092 arcsas - ok
15:17:35.0537 4092 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:17:35.0656 4092 AsyncMac - ok
15:17:36.0097 4092 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:17:36.0110 4092 atapi - ok
15:17:36.0629 4092 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
15:17:36.0697 4092 atksgt ( UnsignedFile.Multi.Generic ) - warning
15:17:36.0697 4092 atksgt - detected UnsignedFile.Multi.Generic (1)
15:17:36.0884 4092 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:17:36.0907 4092 avgio - ok
15:17:36.0999 4092 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
15:17:37.0026 4092 avgntflt - ok
15:17:37.0134 4092 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
15:17:37.0173 4092 avipbb - ok
15:17:37.0415 4092 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
15:17:37.0429 4092 avmeject ( UnsignedFile.Multi.Generic ) - warning
15:17:37.0429 4092 avmeject - detected UnsignedFile.Multi.Generic (1)
15:17:37.0747 4092 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:17:37.0782 4092 Beep - ok
15:17:37.0907 4092 blbdrive - ok
15:17:37.0956 4092 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:17:38.0001 4092 bowser - ok
15:17:38.0044 4092 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:17:38.0104 4092 BrFiltLo - ok
15:17:38.0122 4092 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:17:38.0154 4092 BrFiltUp - ok
15:17:38.0183 4092 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:17:38.0243 4092 Brserid - ok
15:17:38.0438 4092 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:17:38.0501 4092 BrSerWdm - ok
15:17:38.0598 4092 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:17:38.0666 4092 BrUsbMdm - ok
15:17:38.0723 4092 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:17:38.0781 4092 BrUsbSer - ok
15:17:38.0811 4092 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:17:38.0863 4092 BTHMODEM - ok
15:17:38.0931 4092 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:17:38.0996 4092 cdfs - ok
15:17:39.0036 4092 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:17:39.0070 4092 cdrom - ok
15:17:39.0123 4092 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:17:39.0218 4092 circlass - ok
15:17:39.0379 4092 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:17:39.0399 4092 CLFS - ok
15:17:39.0459 4092 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
15:17:39.0471 4092 cmdide - ok
15:17:39.0541 4092 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\Windows\system32\drivers\cmaudio.sys
15:17:39.0604 4092 cmpci ( UnsignedFile.Multi.Generic ) - warning
15:17:39.0604 4092 cmpci - detected UnsignedFile.Multi.Generic (1)
15:17:39.0629 4092 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
15:17:39.0640 4092 Compbatt - ok
15:17:39.0665 4092 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:17:39.0677 4092 crcdisk - ok
15:17:39.0704 4092 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:17:39.0794 4092 Crusoe - ok
15:17:39.0884 4092 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:17:39.0980 4092 DfsC - ok
15:17:40.0241 4092 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:17:40.0256 4092 disk - ok
15:17:40.0399 4092 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:17:40.0456 4092 drmkaud - ok
15:17:40.0705 4092 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:17:40.0735 4092 DXGKrnl - ok
15:17:40.0906 4092 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:17:40.0992 4092 E1G60 - ok
15:17:41.0125 4092 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:17:41.0145 4092 Ecache - ok
15:17:41.0499 4092 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:17:41.0614 4092 elxstor - ok
15:17:41.0868 4092 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:17:41.0932 4092 exfat - ok
15:17:42.0012 4092 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:17:42.0049 4092 fastfat - ok
15:17:42.0071 4092 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:17:42.0134 4092 fdc - ok
15:17:42.0186 4092 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:17:42.0197 4092 FileInfo - ok
15:17:42.0213 4092 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:17:42.0243 4092 Filetrace - ok
15:17:42.0287 4092 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:17:42.0341 4092 flpydisk - ok
15:17:42.0385 4092 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:17:42.0398 4092 FltMgr - ok
15:17:42.0448 4092 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:17:42.0466 4092 Fs_Rec - ok
15:17:42.0555 4092 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
15:17:42.0590 4092 FWLANUSB - ok
15:17:42.0617 4092 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:17:42.0645 4092 gagp30kx - ok
15:17:42.0934 4092 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
15:17:42.0942 4092 hamachi - ok
15:17:43.0011 4092 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
15:17:43.0066 4092 HdAudAddService - ok
15:17:43.0262 4092 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:17:43.0315 4092 HDAudBus - ok
15:17:43.0504 4092 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:17:43.0594 4092 HidBth - ok
15:17:43.0662 4092 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:17:43.0715 4092 HidIr - ok
15:17:43.0787 4092 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:17:43.0823 4092 HidUsb - ok
15:17:43.0853 4092 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:17:43.0862 4092 HpCISSs - ok
15:17:44.0089 4092 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:17:44.0176 4092 HTTP - ok
15:17:44.0478 4092 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:17:44.0487 4092 i2omp - ok
15:17:44.0822 4092 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:17:44.0877 4092 i8042prt - ok
15:17:45.0300 4092 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
15:17:45.0392 4092 iaStor - ok
15:17:45.0856 4092 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:17:45.0900 4092 iaStorV - ok
15:17:46.0275 4092 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:17:46.0306 4092 iirsp - ok
15:17:47.0064 4092 IntcAzAudAddService (34b8b4a442046e3d5fdd0b17926cf3f1) C:\Windows\system32\drivers\RTKVHDA.sys
15:17:47.0408 4092 IntcAzAudAddService - ok
15:17:47.0849 4092 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:17:47.0879 4092 intelide - ok
15:17:47.0936 4092 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:17:47.0971 4092 intelppm - ok
15:17:48.0022 4092 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:17:48.0053 4092 IpFilterDriver - ok
15:17:48.0070 4092 IpInIp - ok
15:17:48.0098 4092 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:17:48.0173 4092 IPMIDRV - ok
15:17:48.0203 4092 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:17:48.0250 4092 IPNAT - ok
15:17:48.0546 4092 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:17:48.0645 4092 IRENUM - ok
15:17:48.0906 4092 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:17:48.0918 4092 isapnp - ok
15:17:49.0053 4092 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:17:49.0068 4092 iScsiPrt - ok
15:17:49.0142 4092 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:17:49.0154 4092 iteatapi - ok
15:17:49.0203 4092 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:17:49.0214 4092 iteraid - ok
15:17:49.0272 4092 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
15:17:49.0335 4092 JRAID - ok
15:17:49.0453 4092 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:17:49.0498 4092 kbdclass - ok
15:17:49.0916 4092 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:17:49.0977 4092 kbdhid - ok
15:17:50.0241 4092 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
15:17:50.0427 4092 KSecDD - ok
15:17:50.0631 4092 LGDDCDevice (cf09b41c8736d83059f44099c63da877) C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
15:17:50.0649 4092 LGDDCDevice ( UnsignedFile.Multi.Generic ) - warning
15:17:50.0649 4092 LGDDCDevice - detected UnsignedFile.Multi.Generic (1)
15:17:50.0688 4092 LGII2CDevice (a0f4c45bcecead1e406bba1f07b27115) C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys
15:17:50.0692 4092 LGII2CDevice ( UnsignedFile.Multi.Generic ) - warning
15:17:50.0692 4092 LGII2CDevice - detected UnsignedFile.Multi.Generic (1)
15:17:50.0976 4092 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
15:17:50.0980 4092 lirsgt ( UnsignedFile.Multi.Generic ) - warning
15:17:50.0980 4092 lirsgt - detected UnsignedFile.Multi.Generic (1)
15:17:51.0024 4092 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:17:51.0113 4092 lltdio - ok
15:17:51.0308 4092 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:17:51.0321 4092 LSI_FC - ok
15:17:51.0348 4092 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:17:51.0381 4092 LSI_SAS - ok
15:17:51.0416 4092 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:17:51.0428 4092 LSI_SCSI - ok
15:17:51.0587 4092 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:17:51.0619 4092 luafv - ok
15:17:51.0724 4092 MBAMSwissArmy - ok
15:17:51.0783 4092 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:17:51.0794 4092 megasas - ok
15:17:51.0878 4092 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:17:51.0950 4092 Modem - ok
15:17:52.0100 4092 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:17:52.0141 4092 monitor - ok
15:17:52.0378 4092 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:17:52.0391 4092 mouclass - ok
15:17:52.0525 4092 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:17:52.0565 4092 mouhid - ok
15:17:52.0602 4092 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:17:52.0615 4092 MountMgr - ok
15:17:52.0654 4092 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:17:52.0666 4092 mpio - ok
15:17:52.0702 4092 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:17:52.0763 4092 mpsdrv - ok
15:17:52.0791 4092 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:17:52.0824 4092 Mraid35x - ok
15:17:52.0857 4092 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:17:52.0913 4092 MRxDAV - ok
15:17:52.0977 4092 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:17:53.0043 4092 mrxsmb - ok
15:17:53.0150 4092 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:17:53.0216 4092 mrxsmb10 - ok
15:17:53.0254 4092 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:17:53.0271 4092 mrxsmb20 - ok
15:17:53.0310 4092 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
15:17:53.0318 4092 msahci - ok
15:17:53.0364 4092 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:17:53.0373 4092 msdsm - ok
15:17:53.0418 4092 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:17:53.0455 4092 Msfs - ok
15:17:53.0568 4092 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys
15:17:53.0601 4092 MSHUSBVideo - ok
15:17:53.0644 4092 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:17:53.0652 4092 msisadrv - ok
15:17:53.0675 4092 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:17:53.0698 4092 MSKSSRV - ok
15:17:53.0796 4092 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:17:53.0832 4092 MSPCLOCK - ok
15:17:53.0898 4092 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:17:53.0942 4092 MSPQM - ok
15:17:54.0097 4092 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:17:54.0119 4092 MsRPC - ok
15:17:54.0158 4092 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:17:54.0167 4092 mssmbios - ok
15:17:54.0227 4092 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:17:54.0252 4092 MSTEE - ok
15:17:54.0292 4092 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:17:54.0306 4092 Mup - ok
15:17:54.0358 4092 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:17:54.0417 4092 NativeWifiP - ok
15:17:54.0858 4092 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:17:54.0882 4092 NDIS - ok
15:17:54.0979 4092 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:17:55.0022 4092 NdisTapi - ok
15:17:55.0079 4092 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:17:55.0114 4092 Ndisuio - ok
15:17:55.0232 4092 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:17:55.0278 4092 NdisWan - ok
15:17:55.0306 4092 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:17:55.0330 4092 NDProxy - ok
15:17:55.0379 4092 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:17:55.0409 4092 NetBIOS - ok
15:17:55.0535 4092 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:17:55.0602 4092 netbt - ok
15:17:55.0666 4092 netr28u (4131e8f614ec61868996503a168219bc) C:\Windows\system32\DRIVERS\Dnetr28u.sys
15:17:55.0750 4092 netr28u - ok
15:17:55.0939 4092 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:17:55.0950 4092 nfrd960 - ok
15:17:55.0997 4092 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\Windows\system32\drivers\ccdcmb.sys
15:17:56.0043 4092 nmwcd - ok
15:17:56.0072 4092 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\Windows\system32\drivers\ccdcmbo.sys
15:17:56.0103 4092 nmwcdc - ok
15:17:56.0138 4092 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:17:56.0162 4092 Npfs - ok
15:17:56.0338 4092 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:17:56.0368 4092 nsiproxy - ok
15:17:56.0438 4092 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:17:56.0518 4092 Ntfs - ok
15:17:56.0620 4092 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:17:56.0707 4092 ntrigdigi - ok
15:17:56.0919 4092 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:17:56.0953 4092 Null - ok
15:17:57.0595 4092 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:17:58.0506 4092 nvlddmkm - ok
15:17:58.0704 4092 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:17:58.0730 4092 nvraid - ok
15:17:58.0814 4092 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
15:17:58.0892 4092 nvrd32 - ok
15:17:58.0973 4092 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:17:58.0982 4092 nvstor - ok
15:17:59.0217 4092 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
15:17:59.0228 4092 nvstor32 - ok
15:17:59.0341 4092 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:17:59.0354 4092 nv_agp - ok
15:17:59.0361 4092 NwlnkFlt - ok
15:17:59.0371 4092 NwlnkFwd - ok
15:17:59.0425 4092 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
15:17:59.0471 4092 ohci1394 - ok
15:17:59.0789 4092 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
15:17:59.0825 4092 Parport - ok
15:18:00.0078 4092 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:18:00.0093 4092 partmgr - ok
15:18:00.0131 4092 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
15:18:00.0160 4092 Parvdm - ok
15:18:00.0228 4092 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:18:00.0289 4092 pccsmcfd - ok
15:18:00.0379 4092 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:18:00.0413 4092 pci - ok
15:18:00.0442 4092 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
15:18:00.0453 4092 pciide - ok
15:18:00.0469 4092 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:18:00.0484 4092 pcmcia - ok
15:18:00.0534 4092 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:18:00.0663 4092 PEAUTH - ok
15:18:00.0987 4092 Ph3xIB32 (9f2f541c52cd7a452e235e885f7d95de) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
15:18:01.0085 4092 Ph3xIB32 - ok
15:18:01.0168 4092 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:18:01.0220 4092 PptpMiniport - ok
15:18:01.0314 4092 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:18:01.0387 4092 Processor - ok
15:18:01.0536 4092 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:18:01.0575 4092 PSched - ok
15:18:01.0854 4092 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:18:01.0904 4092 ql2300 - ok
15:18:02.0014 4092 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:18:02.0027 4092 ql40xx - ok
15:18:02.0113 4092 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:18:02.0212 4092 QWAVEdrv - ok
15:18:02.0436 4092 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:18:02.0480 4092 RasAcd - ok
15:18:02.0633 4092 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:18:02.0695 4092 Rasl2tp - ok
15:18:02.0806 4092 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:18:02.0869 4092 RasPppoe - ok
15:18:02.0893 4092 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:18:02.0945 4092 RasSstp - ok
15:18:03.0050 4092 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:18:03.0092 4092 rdbss - ok
15:18:03.0126 4092 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:18:03.0159 4092 RDPCDD - ok
15:18:03.0219 4092 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:18:03.0310 4092 rdpdr - ok
15:18:03.0443 4092 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:18:03.0486 4092 RDPENCDD - ok
15:18:03.0528 4092 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:18:15.0121 4092 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:18:15.0257 4092 \Device\Harddisk0\DR0 - ok
15:18:15.0261 4092 Boot (0x1200) (ba66f02c06d5fee94c101a5b7177ce63) \Device\Harddisk0\DR0\Partition0
15:18:15.0338 4092 \Device\Harddisk0\DR0\Partition0 - ok
15:18:15.0353 4092 Boot (0x1200) (93b41f579dddf6d02b473f1e32b42825) \Device\Harddisk0\DR0\Partition1
15:18:15.0353 4092 \Device\Harddisk0\DR0\Partition1 - ok
15:18:15.0354 4092 ============================================================
15:18:15.0354 4092 Scan finished
15:18:15.0354 4092 ============================================================
15:18:15.0364 0824 Detected object count: 6
15:18:15.0364 0824 Actual detected object count: 6
15:20:00.0760 0824 HKLM\SYSTEM\ControlSet001\services\atksgt - will be deleted on reboot
15:20:00.0797 0824 HKLM\SYSTEM\ControlSet003\services\atksgt - will be deleted on reboot
15:20:00.0807 0824 C:\Windows\system32\DRIVERS\atksgt.sys - will be deleted on reboot
15:20:00.0807 0824 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:20:00.0810 0824 HKLM\SYSTEM\ControlSet001\services\avmeject - will be deleted on reboot
15:20:00.0811 0824 HKLM\SYSTEM\ControlSet003\services\avmeject - will be deleted on reboot
15:20:00.0813 0824 C:\Windows\system32\drivers\avmeject.sys - will be deleted on reboot
15:20:00.0813 0824 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:20:00.0815 0824 HKLM\SYSTEM\ControlSet001\services\cmpci - will be deleted on reboot
15:20:00.0824 0824 HKLM\SYSTEM\ControlSet003\services\cmpci - will be deleted on reboot
15:20:00.0825 0824 C:\Windows\system32\drivers\cmaudio.sys - will be deleted on reboot
15:20:00.0825 0824 cmpci ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:20:00.0828 0824 HKLM\SYSTEM\ControlSet001\services\LGDDCDevice - will be deleted on reboot
15:20:00.0840 0824 HKLM\SYSTEM\ControlSet003\services\LGDDCDevice - will be deleted on reboot
15:20:00.0842 0824 C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys - will be deleted on reboot
15:20:00.0842 0824 LGDDCDevice ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:20:00.0845 0824 HKLM\SYSTEM\ControlSet001\services\LGII2CDevice - will be deleted on reboot
15:20:00.0846 0824 HKLM\SYSTEM\ControlSet003\services\LGII2CDevice - will be deleted on reboot
15:20:00.0848 0824 C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys - will be deleted on reboot
15:20:00.0848 0824 LGII2CDevice ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:20:00.0850 0824 HKLM\SYSTEM\ControlSet001\services\lirsgt - will be deleted on reboot
15:20:00.0851 0824 HKLM\SYSTEM\ControlSet003\services\lirsgt - will be deleted on reboot
15:20:00.0852 0824 C:\Windows\system32\DRIVERS\lirsgt.sys - will be deleted on reboot
15:20:00.0853 0824 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:20:08.0540 5192 Deinitialize success
