| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Facebook Virus(?)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.09.2011, 21:45
| #1 |
 |  Facebook Virus(?) Hi, seid ca. einer Woche sende ich meinem Freunden in Facebook immer Links zu Videos (nicht über den chat wie es normalerweise ist, sondern über die Pinnwand). Ich habe mich hier im Forum erkundigt und mal folgendes "programm" ausprobiert: ESET Online Scanner. Da mein Avira Antivir/Malwarebytes/Hijackthis nichts gefunden hat hab ich das einfach mal ausprobiert. Hat am ende des Suchlaufes auch was gefunden. Hier der Logfile ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=df759333835a3043b653c8eaed832fa8 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-29 07:25:02 # local_time=2011-09-29 09:25:02 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775165 100 94 197074 53850135 189862 0 # compatibility_mode=5893 16776573 100 94 44469 68948122 0 0 # compatibility_mode=8192 67108863 100 0 177 177 0 0 # scanned=394743 # found=2 # cleaned=0 # scan_time=6029 C:\Users\Gaming\AppData\Local\Mozilla\Firefox\Profiles\bdiwjdg7.default\Cache\9\29\BB3ECd01 JS/Kryptik.CH trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Gaming\AppData\Local\Mozilla\Firefox\Profiles\bdiwjdg7.default\Cache\E\B2\56725d01 JS/Exploit.Pdfka.PDM.Gen trojan (unable to clean) 00000000000000000000000000000000 I Ich hoffe mir kann geholfen werden  |
|
30.09.2011, 13:05
| #2 |
| | Facebook Virus(?) Niemand, der weiß wie man diese Trojaner entfernt?
__________________ |
|
02.10.2011, 14:34
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Facebook Virus(?) Bitte ALLE Logs von Malwarebytes posten auch wenn keine Funde dabei waren
__________________
__________________ |
|
02.10.2011, 21:46
| #4 |
| | Facebook Virus(?) weiß leider nich wie man hier spoiler macht. Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7781 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 23.09.2011 17:13:58 mbam-log-2011-09-23 (17-13-58).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 131551 Laufzeit: 20 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7781 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 23.09.2011 17:18:07 mbam-log-2011-09-23 (17-18-07).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 201962 Laufzeit: 3 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7823 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 29.09.2011 19:21:56 mbam-log-2011-09-29 (19-21-56).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 203977 Laufzeit: 5 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
04.10.2011, 15:56
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Virus(?) CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
05.10.2011, 13:43
| #6 |
| | Facebook Virus(?) OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.10.2011 13:21:40 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Adriaan\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,65% Memory free 7,99 Gb Paging File | 6,41 Gb Available in Paging File | 80,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,00 Gb Total Space | 206,60 Gb Free Space | 45,41% Space Free | Partition Type: NTFS Drive D: | 669,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ADRIAAN-PC | User Name: Adriaan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.05 13:19:25 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Adriaan\Downloads\OTL.exe PRC - [2011.09.11 12:10:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.28 11:28:04 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.12.24 16:41:17 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2009.12.24 16:41:08 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2009.09.11 13:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009.08.17 10:30:00 | 000,329,968 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe PRC - [2009.08.17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2009.06.24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009.06.18 22:46:28 | 001,554,928 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe PRC - [2009.06.18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2009.05.21 09:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe PRC - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe PRC - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe PRC - [2009.03.20 03:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2009.03.20 03:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2008.12.18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2011.09.11 12:10:41 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.08.31 21:56:46 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll MOD - [2011.08.31 20:49:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll MOD - [2011.08.31 20:49:04 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\873449038f590bc102daf0effd94c952\System.Web.Services.ni.dll MOD - [2011.08.31 20:48:48 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll MOD - [2011.08.31 20:48:37 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll MOD - [2011.08.31 20:48:32 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll MOD - [2011.08.31 20:48:29 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll MOD - [2011.08.31 20:48:21 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll MOD - [2011.08.31 20:48:17 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll MOD - [2011.08.31 20:48:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll MOD - [2011.08.31 20:48:13 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll MOD - [2011.08.31 20:48:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll MOD - [2011.08.28 11:28:04 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.09.11 13:10:00 | 000,369,904 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll MOD - [2009.09.11 13:10:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll MOD - [2009.09.11 13:08:00 | 000,268,016 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009.09.11 13:08:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009.09.11 13:08:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009.09.11 13:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009.09.11 13:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009.08.21 11:57:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll MOD - [2009.08.17 10:30:00 | 000,329,968 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe MOD - [2009.08.17 10:30:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2009.08.17 10:30:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll MOD - [2009.08.17 10:30:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2009.08.17 10:29:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll MOD - [2009.08.17 10:29:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - [2009.08.17 10:29:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2009.08.17 10:29:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2009.08.17 10:29:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll MOD - [2009.08.17 10:29:00 | 000,025,840 | ---- | M] () -- C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll MOD - [2009.08.17 10:29:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll MOD - [2009.06.18 22:46:28 | 001,554,928 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe MOD - [2009.06.18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2009.06.18 22:46:20 | 000,584,176 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll MOD - [2009.05.20 19:59:48 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.06.15 20:12:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.12.24 16:41:17 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2009.12.24 16:41:08 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2009.11.13 22:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.08.17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) SRV - [2009.04.01 00:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.03.20 03:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2008.12.18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.07.21 12:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.21 12:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.15 20:48:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.20 03:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2009.03.20 03:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2007.10.03 08:42:00 | 000,078,952 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp) DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.11 12:10:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.30 15:59:40 | 000,000,000 | ---D | M] [2009.12.26 21:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adriaan\AppData\Roaming\mozilla\Extensions [2011.08.27 22:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adriaan\AppData\Roaming\mozilla\Firefox\extensions [2011.08.27 22:29:56 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Adriaan\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2011.09.28 15:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adriaan\AppData\Roaming\mozilla\Firefox\Profiles\jno8lgbb.default\extensions [2011.07.30 15:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adriaan\AppData\Roaming\mozilla\Firefox\Profiles\np3lfjiu.default\extensions [2011.08.27 22:27:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Adriaan\AppData\Roaming\mozilla\Firefox\Profiles\np3lfjiu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.08.27 22:27:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Adriaan\AppData\Roaming\mozilla\Firefox\Profiles\np3lfjiu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.08.27 22:27:14 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Adriaan\AppData\Roaming\mozilla\Firefox\Profiles\np3lfjiu.default\extensions\battlefieldheroespatcher@ea.com [2011.08.28 17:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.08.27 22:28:18 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.08.27 22:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.08.27 22:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.08.27 22:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.08.27 22:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.08.27 22:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.08.28 17:13:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERS\ADRIAAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JNO8LGBB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\ADRIAAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JNO8LGBB.DEFAULT\EXTENSIONS\FLASH@ADOBEE.COM.XPI [2011.09.11 12:10:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adriaan\AppData\Local\Google\Chrome\Application\9.0.597.107\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Adriaan\AppData\Local\Google\Chrome\Application\9.0.597.107\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adriaan\AppData\Local\Google\Chrome\Application\9.0.597.107\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Adriaan\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKLM..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe () O4 - Startup: C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk = C:\Program Files (x86)\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{830E3019-A077-45B2-AE76-7E49737ED03D}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.02.19 21:17:46 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{71c64000-e428-11de-8b3a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{71c64000-e428-11de-8b3a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2008.02.19 21:17:46 | 001,172,376 | R--- | M] () O33 - MountPoints2\{b0964dab-f08e-11de-a1f3-002564dccc69}\Shell - "" = AutoRun O33 - MountPoints2\{b0964dab-f08e-11de-a1f3-002564dccc69}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{f432655b-f087-11de-a127-002564dccc69}\Shell - "" = AutoRun O33 - MountPoints2\{f432655b-f087-11de-a127-002564dccc69}\Shell\AutoRun\command - "" = I:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: mcmscsvc - Service SafeBootMin:64bit: MCODS - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: mcmscsvc - Service SafeBootNet:64bit: MCODS - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MpfService - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.10.04 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2011.10.03 17:03:37 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\uTorrent [2011.10.03 02:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2011.09.29 19:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.09.25 19:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test [2011.09.25 19:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft Public Test [2011.09.25 19:11:27 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\PTR Installer 4.0.0.12824 deDE [2011.09.23 16:50:58 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Malwarebytes [2011.09.23 16:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.23 16:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.23 16:50:48 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.09.23 16:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.09.18 16:40:42 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\LogMeIn Hamachi [2011.09.18 16:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.09.18 16:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2011.09.14 14:49:57 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.10.05 13:15:29 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.05 13:15:29 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.05 13:12:25 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.10.05 13:12:25 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.10.05 13:12:25 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.10.05 13:12:25 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.10.05 13:12:25 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.05 13:08:15 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.10.05 13:08:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.05 13:08:02 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys [2011.10.04 19:53:17 | 000,001,177 | ---- | M] () -- C:\Users\Adriaan\Desktop\TeamSpeak 3 Client.lnk [2011.09.18 20:25:05 | 001,050,355 | ---- | M] () -- C:\Users\Adriaan\Desktop\mcpatcher-2.1.1.exe [2011.09.17 18:22:15 | 000,001,559 | ---- | M] () -- C:\Users\Adriaan\Desktop\WoW.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.04 19:53:17 | 000,001,177 | ---- | C] () -- C:\Users\Adriaan\Desktop\TeamSpeak 3 Client.lnk [2011.09.18 20:24:58 | 001,050,355 | ---- | C] () -- C:\Users\Adriaan\Desktop\mcpatcher-2.1.1.exe [2011.09.17 18:22:15 | 000,001,559 | ---- | C] () -- C:\Users\Adriaan\Desktop\WoW.lnk [2011.08.30 17:38:09 | 000,111,324 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.08.14 17:44:19 | 000,000,095 | ---- | C] () -- C:\Users\Adriaan\AppData\Local\fusioncache.dat [2009.12.24 20:02:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.24 16:41:09 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2009.12.24 16:41:08 | 002,395,944 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe [2009.12.24 16:41:08 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009.12.08 20:37:52 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.12.08 20:37:52 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.12.08 20:37:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.08.30 13:35:01 | 000,000,000 | -HSD | M] -- C:\Users\Adriaan\AppData\Roaming\.# [2011.09.18 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\.minecraft [2011.08.27 22:27:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\DNA [2011.08.23 17:04:52 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\DVDVideoSoft [2011.06.04 16:27:00 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.14 15:13:03 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\FOG Downloader [2010.07.03 00:07:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\ICQ [2011.08.27 22:27:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\ijjigame [2010.01.17 14:32:38 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Leadertech [2010.01.16 21:30:55 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\LG Electronics [2010.05.17 19:16:21 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\LolClient [2011.08.27 22:27:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2011.08.27 22:27:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2010.08.17 16:10:45 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Mount&Blade Warband [2011.03.04 22:09:29 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\PCDr [2011.08.22 13:53:37 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Sierra [2011.08.27 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Software Informer [2010.05.12 16:47:55 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\TeamViewer [2011.08.27 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Teeworlds [2011.10.04 23:29:46 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\TS3Client [2010.02.11 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\TubeBox [2011.08.27 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Tunngle [2010.08.14 17:45:55 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Turbine [2011.03.27 00:10:26 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Unity [2011.10.03 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\uTorrent [2010.03.18 21:07:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Warsow 0.5 [2009.12.24 14:42:34 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\WildTangent [2009.07.14 07:08:49 | 000,015,246 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.08.30 13:35:01 | 000,000,000 | -HSD | M] -- C:\Users\Adriaan\AppData\Roaming\.# [2011.09.18 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\.minecraft [2010.05.17 18:33:14 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Adobe [2011.03.24 08:41:24 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Apple Computer [2009.12.24 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\ATI [2011.08.24 18:34:55 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Avira [2009.12.24 14:59:54 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\CyberLink [2011.05.25 11:05:30 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Dell [2011.08.27 22:27:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\DNA [2011.08.23 17:04:52 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\DVDVideoSoft [2011.06.04 16:27:00 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.14 15:13:03 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\FOG Downloader [2011.06.13 15:28:26 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Hamachi [2010.07.03 00:07:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\ICQ [2009.12.24 14:39:49 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Identities [2011.08.27 22:27:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\ijjigame [2010.01.16 21:30:23 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\InstallShield [2010.01.17 14:32:38 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Leadertech [2010.01.16 21:30:55 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\LG Electronics [2010.05.17 19:16:21 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\LolClient [2009.12.24 14:42:36 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Macromedia [2011.09.23 16:50:58 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Malwarebytes [2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Media Center Programs [2011.08.27 22:27:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2011.08.27 22:27:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2011.08.27 22:29:55 | 000,000,000 | --SD | M] -- C:\Users\Adriaan\AppData\Roaming\Microsoft [2010.08.17 16:10:45 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Mount&Blade Warband [2011.08.27 22:13:04 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Mozilla [2011.03.04 22:09:29 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\PCDr [2011.08.27 22:29:56 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Roxio [2010.01.16 15:59:39 | 000,000,000 | RH-D | M] -- C:\Users\Adriaan\AppData\Roaming\SecuROM [2011.08.22 13:53:37 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Sierra [2011.10.05 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Skype [2011.10.05 13:09:17 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\skypePM [2011.08.27 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Software Informer [2011.08.27 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\teamspeak2 [2010.05.12 16:47:55 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\TeamViewer [2011.08.27 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Teeworlds [2011.10.04 23:29:46 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\TS3Client [2010.02.11 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\TubeBox [2011.08.27 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Tunngle [2010.08.14 17:45:55 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Turbine [2011.03.27 00:10:26 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Unity [2011.10.03 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\uTorrent [2011.08.27 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Ventrilo [2010.03.18 21:07:16 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\Warsow 0.5 [2009.12.24 14:42:34 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\WildTangent [2010.05.12 16:42:23 | 000,000,000 | ---D | M] -- C:\Users\Adriaan\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.08.30 13:35:39 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Adriaan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\atl.dll < End of report > |
|
05.10.2011, 17:00
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Virus(?) Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.19 21:17:46 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{71c64000-e428-11de-8b3a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{71c64000-e428-11de-8b3a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2008.02.19 21:17:46 | 001,172,376 | R--- | M] ()
O33 - MountPoints2\{b0964dab-f08e-11de-a1f3-002564dccc69}\Shell - "" = AutoRun
O33 - MountPoints2\{b0964dab-f08e-11de-a1f3-002564dccc69}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{f432655b-f087-11de-a127-002564dccc69}\Shell - "" = AutoRun
O33 - MountPoints2\{f432655b-f087-11de-a127-002564dccc69}\Shell\AutoRun\command - "" = I:\pushinst.exe
[2011.08.30 13:35:01 | 000,000,000 | -HSD | M] -- C:\Users\Adriaan\AppData\Roaming\.#
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
05.10.2011, 17:33
| #8 |
| | Facebook Virus(?) All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. D:\autorun.inf scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71c64000-e428-11de-8b3a-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71c64000-e428-11de-8b3a-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71c64000-e428-11de-8b3a-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71c64000-e428-11de-8b3a-806e6f6e6963}\ not found. File move failed. D:\Installer.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0964dab-f08e-11de-a1f3-002564dccc69}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0964dab-f08e-11de-a1f3-002564dccc69}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0964dab-f08e-11de-a1f3-002564dccc69}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0964dab-f08e-11de-a1f3-002564dccc69}\ not found. File I:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f432655b-f087-11de-a127-002564dccc69}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f432655b-f087-11de-a127-002564dccc69}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f432655b-f087-11de-a127-002564dccc69}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f432655b-f087-11de-a127-002564dccc69}\ not found. File I:\pushinst.exe not found. C:\Users\Adriaan\AppData\Roaming\.# folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Adriaan ->Temp folder emptied: 3823122763 bytes ->Temporary Internet Files folder emptied: 101413338 bytes ->Java cache emptied: 15822864 bytes ->FireFox cache emptied: 1427132315 bytes ->Google Chrome cache emptied: 79586960 bytes ->Apple Safari cache emptied: 66200576 bytes ->Flash cache emptied: 198144 bytes User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32969 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gaming ->Temp folder emptied: 358231 bytes ->Temporary Internet Files folder emptied: 10571123 bytes ->FireFox cache emptied: 93610626 bytes ->Flash cache emptied: 3290 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 127168700 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes RecycleBin emptied: 187712 bytes Total Files Cleaned = 5.479,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.29.1 log created on 10052011_172130 Files\Folders moved on Reboot... File move failed. D:\autorun.inf scheduled to be moved on reboot. File move failed. D:\Installer.exe scheduled to be moved on reboot. C:\Users\Adriaan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... |
|
05.10.2011, 17:34
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Virus(?) Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
05.10.2011, 18:23
| #10 |
| | Facebook Virus(?) 18:22:01.0467 3840 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01 18:22:01.0592 3840 ============================================================ 18:22:01.0592 3840 Current date / time: 2011/10/05 18:22:01.0592 18:22:01.0592 3840 SystemInfo: 18:22:01.0592 3840 18:22:01.0592 3840 OS Version: 6.1.7601 ServicePack: 1.0 18:22:01.0592 3840 Product type: Workstation 18:22:01.0592 3840 ComputerName: ADRIAAN-PC 18:22:01.0592 3840 UserName: Adriaan 18:22:01.0592 3840 Windows directory: C:\Windows 18:22:01.0592 3840 System windows directory: C:\Windows 18:22:01.0592 3840 Running under WOW64 18:22:01.0592 3840 Processor architecture: Intel x64 18:22:01.0592 3840 Number of processors: 2 18:22:01.0592 3840 Page size: 0x1000 18:22:01.0592 3840 Boot type: Normal boot 18:22:01.0592 3840 ============================================================ 18:22:02.0310 3840 Initialize success 18:22:07.0645 0288 ============================================================ 18:22:07.0645 0288 Scan started 18:22:07.0645 0288 Mode: Manual; SigCheck; TDLFS; 18:22:07.0645 0288 ============================================================ 18:22:08.0893 0288 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 18:22:08.0971 0288 1394ohci - ok 18:22:09.0018 0288 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 18:22:09.0018 0288 ACPI - ok 18:22:09.0049 0288 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 18:22:09.0111 0288 AcpiPmi - ok 18:22:09.0158 0288 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 18:22:09.0174 0288 adp94xx - ok 18:22:09.0205 0288 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 18:22:09.0220 0288 adpahci - ok 18:22:09.0236 0288 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 18:22:09.0252 0288 adpu320 - ok 18:22:09.0314 0288 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 18:22:09.0376 0288 AFD - ok 18:22:09.0408 0288 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 18:22:09.0423 0288 agp440 - ok 18:22:09.0454 0288 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 18:22:09.0470 0288 aliide - ok 18:22:09.0486 0288 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 18:22:09.0501 0288 amdide - ok 18:22:09.0532 0288 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 18:22:09.0579 0288 AmdK8 - ok 18:22:09.0610 0288 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 18:22:09.0657 0288 AmdPPM - ok 18:22:09.0688 0288 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 18:22:09.0704 0288 amdsata - ok 18:22:09.0735 0288 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 18:22:09.0751 0288 amdsbs - ok 18:22:09.0766 0288 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 18:22:09.0782 0288 amdxata - ok 18:22:09.0844 0288 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 18:22:09.0954 0288 AppID - ok 18:22:10.0000 0288 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 18:22:10.0016 0288 arc - ok 18:22:10.0047 0288 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 18:22:10.0063 0288 arcsas - ok 18:22:10.0094 0288 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 18:22:10.0203 0288 AsyncMac - ok 18:22:10.0234 0288 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 18:22:10.0250 0288 atapi - ok 18:22:10.0344 0288 atikmdag (80793852021864a9ed344843eeba5fdb) C:\Windows\system32\DRIVERS\atikmdag.sys 18:22:10.0546 0288 atikmdag - ok 18:22:10.0593 0288 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys 18:22:10.0624 0288 avgntflt - ok 18:22:10.0656 0288 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys 18:22:10.0656 0288 avipbb - ok 18:22:10.0687 0288 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys 18:22:10.0702 0288 avmeject - ok 18:22:10.0734 0288 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 18:22:10.0843 0288 b06bdrv - ok 18:22:10.0890 0288 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 18:22:10.0936 0288 b57nd60a - ok 18:22:10.0983 0288 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 18:22:11.0046 0288 Beep - ok 18:22:11.0108 0288 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 18:22:11.0139 0288 blbdrive - ok 18:22:11.0186 0288 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 18:22:11.0217 0288 bowser - ok 18:22:11.0233 0288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:22:11.0295 0288 BrFiltLo - ok 18:22:11.0311 0288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:22:11.0326 0288 BrFiltUp - ok 18:22:11.0358 0288 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 18:22:11.0404 0288 Brserid - ok 18:22:11.0420 0288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 18:22:11.0451 0288 BrSerWdm - ok 18:22:11.0482 0288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 18:22:11.0514 0288 BrUsbMdm - ok 18:22:11.0545 0288 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 18:22:11.0560 0288 BrUsbSer - ok 18:22:11.0592 0288 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 18:22:11.0623 0288 BTHMODEM - ok 18:22:11.0670 0288 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 18:22:11.0685 0288 cdfs - ok 18:22:11.0716 0288 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 18:22:11.0748 0288 cdrom - ok 18:22:11.0810 0288 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 18:22:11.0857 0288 circlass - ok 18:22:11.0904 0288 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 18:22:11.0919 0288 CLFS - ok 18:22:11.0950 0288 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 18:22:11.0982 0288 CmBatt - ok 18:22:11.0997 0288 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 18:22:12.0013 0288 cmdide - ok 18:22:12.0044 0288 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 18:22:12.0091 0288 CNG - ok 18:22:12.0106 0288 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 18:22:12.0122 0288 Compbatt - ok 18:22:12.0184 0288 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 18:22:12.0231 0288 CompositeBus - ok 18:22:12.0262 0288 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 18:22:12.0278 0288 crcdisk - ok 18:22:12.0340 0288 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys 18:22:12.0387 0288 dc3d - ok 18:22:12.0450 0288 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 18:22:12.0481 0288 DfsC - ok 18:22:12.0528 0288 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 18:22:12.0559 0288 discache - ok 18:22:12.0574 0288 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 18:22:12.0574 0288 Disk - ok 18:22:12.0621 0288 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 18:22:12.0668 0288 drmkaud - ok 18:22:12.0715 0288 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 18:22:12.0746 0288 DXGKrnl - ok 18:22:12.0824 0288 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 18:22:12.0918 0288 ebdrv - ok 18:22:12.0964 0288 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 18:22:12.0980 0288 elxstor - ok 18:22:13.0011 0288 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 18:22:13.0042 0288 ErrDev - ok 18:22:13.0074 0288 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 18:22:13.0105 0288 exfat - ok 18:22:13.0136 0288 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 18:22:13.0198 0288 fastfat - ok 18:22:13.0214 0288 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 18:22:13.0230 0288 fdc - ok 18:22:13.0261 0288 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 18:22:13.0261 0288 FileInfo - ok 18:22:13.0292 0288 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 18:22:13.0339 0288 Filetrace - ok 18:22:13.0370 0288 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 18:22:13.0370 0288 flpydisk - ok 18:22:13.0432 0288 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 18:22:13.0448 0288 FltMgr - ok 18:22:13.0479 0288 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 18:22:13.0495 0288 FsDepends - ok 18:22:13.0510 0288 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 18:22:13.0510 0288 Fs_Rec - ok 18:22:13.0557 0288 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 18:22:13.0573 0288 fvevol - ok 18:22:13.0604 0288 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys 18:22:13.0651 0288 FWLANUSB - ok 18:22:13.0682 0288 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 18:22:13.0698 0288 gagp30kx - ok 18:22:13.0744 0288 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:22:13.0760 0288 GEARAspiWDM - ok 18:22:13.0791 0288 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys 18:22:13.0807 0288 hamachi - ok 18:22:13.0838 0288 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 18:22:13.0916 0288 hcw85cir - ok 18:22:13.0963 0288 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 18:22:14.0010 0288 HdAudAddService - ok 18:22:14.0041 0288 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 18:22:14.0072 0288 HDAudBus - ok 18:22:14.0119 0288 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 18:22:14.0150 0288 HidBatt - ok 18:22:14.0181 0288 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 18:22:14.0212 0288 HidBth - ok 18:22:14.0244 0288 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 18:22:14.0259 0288 HidIr - ok 18:22:14.0290 0288 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 18:22:14.0337 0288 HidUsb - ok 18:22:14.0368 0288 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 18:22:14.0368 0288 HpSAMD - ok 18:22:14.0431 0288 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 18:22:14.0524 0288 HTTP - ok 18:22:14.0556 0288 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 18:22:14.0571 0288 hwpolicy - ok 18:22:14.0587 0288 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 18:22:14.0602 0288 i8042prt - ok 18:22:14.0634 0288 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 18:22:14.0649 0288 iaStorV - ok 18:22:14.0680 0288 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 18:22:14.0712 0288 iirsp - ok 18:22:14.0774 0288 IntcAzAudAddService (f2b52c7b1c8e6a4fc4c4564f4a421f23) C:\Windows\system32\drivers\RTKVHD64.sys 18:22:14.0821 0288 IntcAzAudAddService - ok 18:22:14.0852 0288 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 18:22:14.0868 0288 intelide - ok 18:22:14.0883 0288 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 18:22:14.0914 0288 intelppm - ok 18:22:14.0961 0288 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:22:15.0024 0288 IpFilterDriver - ok 18:22:15.0039 0288 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 18:22:15.0055 0288 IPMIDRV - ok 18:22:15.0086 0288 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 18:22:15.0148 0288 IPNAT - ok 18:22:15.0164 0288 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 18:22:15.0195 0288 IRENUM - ok 18:22:15.0226 0288 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 18:22:15.0242 0288 isapnp - ok 18:22:15.0273 0288 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 18:22:15.0289 0288 iScsiPrt - ok 18:22:15.0320 0288 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 18:22:15.0336 0288 kbdclass - ok 18:22:15.0367 0288 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 18:22:15.0382 0288 kbdhid - ok 18:22:15.0429 0288 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 18:22:15.0445 0288 KSecDD - ok 18:22:15.0476 0288 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 18:22:15.0492 0288 KSecPkg - ok 18:22:15.0507 0288 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 18:22:15.0570 0288 ksthunk - ok 18:22:15.0616 0288 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 18:22:15.0694 0288 lltdio - ok 18:22:15.0741 0288 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 18:22:15.0757 0288 LSI_FC - ok 18:22:15.0772 0288 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 18:22:15.0788 0288 LSI_SAS - ok 18:22:15.0804 0288 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:22:15.0819 0288 LSI_SAS2 - ok 18:22:15.0850 0288 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:22:15.0850 0288 LSI_SCSI - ok 18:22:15.0882 0288 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 18:22:15.0928 0288 luafv - ok 18:22:15.0975 0288 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 18:22:15.0991 0288 MBAMProtector - ok 18:22:16.0022 0288 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 18:22:16.0038 0288 megasas - ok 18:22:16.0069 0288 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 18:22:16.0084 0288 MegaSR - ok 18:22:16.0100 0288 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 18:22:16.0162 0288 Modem - ok 18:22:16.0209 0288 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 18:22:16.0240 0288 monitor - ok 18:22:16.0272 0288 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 18:22:16.0303 0288 mouclass - ok 18:22:16.0318 0288 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 18:22:16.0350 0288 mouhid - ok 18:22:16.0381 0288 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 18:22:16.0396 0288 mountmgr - ok 18:22:16.0428 0288 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 18:22:16.0443 0288 mpio - ok 18:22:16.0474 0288 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 18:22:16.0506 0288 mpsdrv - ok 18:22:16.0537 0288 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 18:22:16.0584 0288 MRxDAV - ok 18:22:16.0615 0288 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:22:16.0662 0288 mrxsmb - ok 18:22:16.0677 0288 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:22:16.0724 0288 mrxsmb10 - ok 18:22:16.0740 0288 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:22:16.0740 0288 mrxsmb20 - ok 18:22:16.0771 0288 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 18:22:16.0786 0288 msahci - ok 18:22:16.0802 0288 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 18:22:16.0818 0288 msdsm - ok 18:22:16.0833 0288 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 18:22:16.0864 0288 Msfs - ok 18:22:16.0880 0288 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 18:22:16.0942 0288 mshidkmdf - ok 18:22:16.0974 0288 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 18:22:16.0974 0288 msisadrv - ok 18:22:17.0005 0288 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 18:22:17.0036 0288 MSKSSRV - ok 18:22:17.0052 0288 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 18:22:17.0098 0288 MSPCLOCK - ok 18:22:17.0114 0288 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 18:22:17.0161 0288 MSPQM - ok 18:22:17.0192 0288 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 18:22:17.0208 0288 MsRPC - ok 18:22:17.0239 0288 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 18:22:17.0239 0288 mssmbios - ok 18:22:17.0254 0288 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 18:22:17.0301 0288 MSTEE - ok 18:22:17.0332 0288 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 18:22:17.0379 0288 MTConfig - ok 18:22:17.0410 0288 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 18:22:17.0426 0288 Mup - ok 18:22:17.0457 0288 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 18:22:17.0504 0288 NativeWifiP - ok 18:22:17.0582 0288 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 18:22:17.0613 0288 NDIS - ok 18:22:17.0629 0288 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 18:22:17.0660 0288 NdisCap - ok 18:22:17.0691 0288 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 18:22:17.0754 0288 NdisTapi - ok 18:22:17.0800 0288 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 18:22:17.0847 0288 Ndisuio - ok 18:22:17.0878 0288 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 18:22:17.0941 0288 NdisWan - ok 18:22:17.0972 0288 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 18:22:18.0003 0288 NDProxy - ok 18:22:18.0034 0288 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 18:22:18.0066 0288 NetBIOS - ok 18:22:18.0112 0288 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 18:22:18.0159 0288 NetBT - ok 18:22:18.0190 0288 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 18:22:18.0206 0288 nfrd960 - ok 18:22:18.0222 0288 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 18:22:18.0268 0288 Npfs - ok 18:22:18.0300 0288 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 18:22:18.0362 0288 nsiproxy - ok 18:22:18.0424 0288 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 18:22:18.0471 0288 Ntfs - ok 18:22:18.0502 0288 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 18:22:18.0580 0288 Null - ok 18:22:18.0627 0288 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 18:22:18.0643 0288 nvraid - ok 18:22:18.0690 0288 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 18:22:18.0705 0288 nvstor - ok 18:22:18.0752 0288 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 18:22:18.0768 0288 nv_agp - ok 18:22:18.0814 0288 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 18:22:18.0846 0288 ohci1394 - ok 18:22:18.0892 0288 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 18:22:18.0924 0288 Parport - ok 18:22:19.0017 0288 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 18:22:19.0033 0288 partmgr - ok 18:22:19.0064 0288 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 18:22:19.0080 0288 pci - ok 18:22:19.0095 0288 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 18:22:19.0111 0288 pciide - ok 18:22:19.0126 0288 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 18:22:19.0142 0288 pcmcia - ok 18:22:19.0173 0288 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 18:22:19.0173 0288 pcw - ok 18:22:19.0204 0288 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 18:22:19.0267 0288 PEAUTH - ok 18:22:19.0314 0288 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys 18:22:19.0329 0288 Point64 - ok 18:22:19.0376 0288 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 18:22:19.0454 0288 PptpMiniport - ok 18:22:19.0470 0288 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 18:22:19.0501 0288 Processor - ok 18:22:19.0563 0288 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 18:22:19.0626 0288 Psched - ok 18:22:19.0641 0288 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 18:22:19.0657 0288 PxHlpa64 - ok 18:22:19.0688 0288 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 18:22:19.0735 0288 ql2300 - ok 18:22:19.0750 0288 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 18:22:19.0766 0288 ql40xx - ok 18:22:19.0813 0288 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 18:22:19.0860 0288 QWAVEdrv - ok 18:22:19.0875 0288 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 18:22:19.0906 0288 RasAcd - ok 18:22:19.0938 0288 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 18:22:19.0984 0288 RasAgileVpn - ok 18:22:20.0031 0288 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:22:20.0094 0288 Rasl2tp - ok 18:22:20.0125 0288 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 18:22:20.0172 0288 RasPppoe - ok 18:22:20.0187 0288 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 18:22:20.0218 0288 RasSstp - ok 18:22:20.0265 0288 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 18:22:20.0312 0288 rdbss - ok 18:22:20.0343 0288 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 18:22:20.0359 0288 rdpbus - ok 18:22:20.0374 0288 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:22:20.0406 0288 RDPCDD - ok 18:22:20.0437 0288 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 18:22:20.0499 0288 RDPENCDD - ok 18:22:20.0499 0288 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 18:22:20.0530 0288 RDPREFMP - ok 18:22:20.0577 0288 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 18:22:20.0608 0288 RDPWD - ok 18:22:20.0655 0288 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 18:22:20.0655 0288 rdyboost - ok 18:22:20.0702 0288 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 18:22:20.0733 0288 rspndr - ok 18:22:20.0780 0288 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys 18:22:20.0811 0288 RTL8167 - ok 18:22:20.0842 0288 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 18:22:20.0842 0288 sbp2port - ok 18:22:20.0889 0288 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 18:22:20.0952 0288 scfilter - ok 18:22:20.0983 0288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 18:22:21.0030 0288 secdrv - ok 18:22:21.0061 0288 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 18:22:21.0092 0288 Serenum - ok 18:22:21.0108 0288 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 18:22:21.0123 0288 Serial - ok 18:22:21.0154 0288 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 18:22:21.0186 0288 sermouse - ok 18:22:21.0217 0288 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 18:22:21.0279 0288 sffdisk - ok 18:22:21.0295 0288 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 18:22:21.0326 0288 sffp_mmc - ok 18:22:21.0342 0288 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 18:22:21.0373 0288 sffp_sd - ok 18:22:21.0404 0288 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 18:22:21.0420 0288 sfloppy - ok 18:22:21.0466 0288 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:22:21.0466 0288 SiSRaid2 - ok 18:22:21.0498 0288 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 18:22:21.0513 0288 SiSRaid4 - ok 18:22:21.0529 0288 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 18:22:21.0576 0288 Smb - ok 18:22:21.0607 0288 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 18:22:21.0607 0288 spldr - ok 18:22:21.0654 0288 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 18:22:21.0685 0288 srv - ok 18:22:21.0716 0288 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 18:22:21.0747 0288 srv2 - ok 18:22:21.0778 0288 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 18:22:21.0794 0288 srvnet - ok 18:22:21.0825 0288 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 18:22:21.0841 0288 stexstor - ok 18:22:21.0872 0288 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 18:22:21.0888 0288 swenum - ok 18:22:21.0919 0288 sxuptp (e4154c5ce666b713de9398c053d8fb7e) C:\Windows\system32\DRIVERS\sxuptp.sys 18:22:21.0950 0288 sxuptp - ok 18:22:22.0012 0288 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys 18:22:22.0059 0288 Tcpip - ok 18:22:22.0122 0288 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys 18:22:22.0153 0288 TCPIP6 - ok 18:22:22.0184 0288 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 18:22:22.0246 0288 tcpipreg - ok 18:22:22.0293 0288 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 18:22:22.0324 0288 TDPIPE - ok 18:22:22.0356 0288 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 18:22:22.0402 0288 TDTCP - ok 18:22:22.0449 0288 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 18:22:22.0496 0288 tdx - ok 18:22:22.0527 0288 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 18:22:22.0527 0288 TermDD - ok 18:22:22.0574 0288 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:22:22.0636 0288 tssecsrv - ok 18:22:22.0683 0288 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 18:22:22.0714 0288 TsUsbFlt - ok 18:22:22.0777 0288 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 18:22:22.0824 0288 tunnel - ok 18:22:22.0855 0288 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 18:22:22.0855 0288 uagp35 - ok 18:22:22.0902 0288 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 18:22:22.0964 0288 udfs - ok 18:22:22.0980 0288 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 18:22:22.0995 0288 uliagpkx - ok 18:22:23.0042 0288 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 18:22:23.0058 0288 umbus - ok 18:22:23.0089 0288 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 18:22:23.0120 0288 UmPass - ok 18:22:23.0167 0288 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 18:22:23.0214 0288 USBAAPL64 - ok 18:22:23.0245 0288 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 18:22:23.0276 0288 usbaudio - ok 18:22:23.0307 0288 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 18:22:23.0323 0288 usbccgp - ok 18:22:23.0354 0288 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 18:22:23.0385 0288 usbcir - ok 18:22:23.0416 0288 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 18:22:23.0432 0288 usbehci - ok 18:22:23.0479 0288 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 18:22:23.0510 0288 usbhub - ok 18:22:23.0541 0288 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 18:22:23.0572 0288 usbohci - ok 18:22:23.0635 0288 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 18:22:23.0650 0288 usbprint - ok 18:22:23.0666 0288 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 18:22:23.0682 0288 USBSTOR - ok 18:22:23.0697 0288 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 18:22:23.0728 0288 usbuhci - ok 18:22:23.0775 0288 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 18:22:23.0775 0288 vdrvroot - ok 18:22:23.0806 0288 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 18:22:23.0822 0288 vga - ok 18:22:23.0838 0288 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 18:22:23.0884 0288 VgaSave - ok 18:22:23.0916 0288 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 18:22:23.0931 0288 vhdmp - ok 18:22:23.0962 0288 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 18:22:23.0962 0288 viaide - ok 18:22:23.0994 0288 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 18:22:24.0009 0288 volmgr - ok 18:22:24.0056 0288 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 18:22:24.0072 0288 volmgrx - ok 18:22:24.0103 0288 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 18:22:24.0103 0288 volsnap - ok 18:22:24.0134 0288 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 18:22:24.0150 0288 vsmraid - ok 18:22:24.0196 0288 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 18:22:24.0243 0288 vwifibus - ok 18:22:24.0274 0288 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 18:22:24.0274 0288 WacomPen - ok 18:22:24.0306 0288 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 18:22:24.0384 0288 WANARP - ok 18:22:24.0399 0288 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 18:22:24.0430 0288 Wanarpv6 - ok 18:22:24.0446 0288 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 18:22:24.0462 0288 Wd - ok 18:22:24.0493 0288 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 18:22:24.0508 0288 Wdf01000 - ok 18:22:24.0555 0288 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 18:22:24.0571 0288 WfpLwf - ok 18:22:24.0618 0288 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 18:22:24.0633 0288 WimFltr - ok 18:22:24.0633 0288 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 18:22:24.0649 0288 WIMMount - ok 18:22:24.0696 0288 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 18:22:24.0711 0288 WinUsb - ok 18:22:24.0742 0288 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 18:22:24.0758 0288 WmiAcpi - ok 18:22:24.0805 0288 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 18:22:24.0820 0288 ws2ifsl - ok 18:22:24.0867 0288 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 18:22:24.0930 0288 WudfPf - ok 18:22:24.0945 0288 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 18:22:24.0992 0288 WUDFRd - ok 18:22:25.0023 0288 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 18:22:25.0101 0288 \Device\Harddisk0\DR0 - ok 18:22:25.0101 0288 Boot (0x1200) (c351d222a799e0120e833e00cb03ef45) \Device\Harddisk0\DR0\Partition0 18:22:25.0101 0288 \Device\Harddisk0\DR0\Partition0 - ok 18:22:25.0132 0288 Boot (0x1200) (90b73d0e34c62385a1797d0eabfe8d68) \Device\Harddisk0\DR0\Partition1 18:22:25.0132 0288 \Device\Harddisk0\DR0\Partition1 - ok 18:22:25.0132 0288 ============================================================ 18:22:25.0132 0288 Scan finished 18:22:25.0132 0288 ============================================================ 18:22:25.0148 3848 Detected object count: 0 18:22:25.0148 3848 Actual detected object count: 0 |
|
05.10.2011, 18:25
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Virus(?) Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
05.10.2011, 19:42
| #12 |
| | Facebook Virus(?) Hi, Als ich Compofix ausführen wollte stand in den Blauen Box: MicroLab\Searchengin\" kann Sybtaktisch an dieser Stelle nicht verarbeite werden. Dieser Text stand dann da für 30 min. Antivir und alle anderen Anwendungen, Programme waren aus. weiß nich ob das jetzt so richtig ist oder ob ich was vergessen hab. |
|
05.10.2011, 21:55
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Virus(?) Ist CF mittlerweile weiter?
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
07.10.2011, 16:13
| #14 |
| | Facebook Virus(?) Sry für die Späte antwort^^ Combofix Logfile: Code:
ATTFilter ComboFix 11-10-07.03 - Adriaan 07.10.2011 13:34:48.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2876 [GMT 2:00]
ausgeführt von:: c:\users\Adriaan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-09-07 bis 2011-10-07 ))))))))))))))))))))))))))))))
.
.
2011-10-07 11:42 . 2011-10-07 11:42 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D528104-5F39-452D-8126-10CB3AE698AE}\offreg.dll
2011-10-05 15:21 . 2011-10-05 15:21 -------- d-----w- C:\_OTL
2011-10-03 15:03 . 2011-10-03 15:07 -------- d-----w- c:\users\Adriaan\AppData\Roaming\uTorrent
2011-09-29 17:41 . 2011-09-29 17:41 -------- d-----w- c:\program files (x86)\ESET
2011-09-25 17:26 . 2011-09-30 23:38 -------- d-----w- c:\program files (x86)\World of Warcraft Public Test
2011-09-25 17:11 . 2011-09-25 17:16 -------- d-----w- c:\users\Adriaan\PTR Installer 4.0.0.12824 deDE
2011-09-23 14:50 . 2011-09-23 14:50 -------- d-----w- c:\users\Adriaan\AppData\Roaming\Malwarebytes
2011-09-23 14:50 . 2011-09-23 14:50 -------- d-----w- c:\programdata\Malwarebytes
2011-09-23 14:50 . 2011-09-23 14:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-23 14:50 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 14:40 . 2011-10-07 11:13 -------- d-----w- c:\users\Adriaan\AppData\Local\LogMeIn Hamachi
2011-09-18 14:40 . 2011-09-18 14:40 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-29 23:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-29 23:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-28 09:40 . 2011-08-28 09:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-26 22:21 . 2011-08-26 22:21 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2011-08-01 13:59 . 2011-08-01 13:59 45416 ----a-w- c:\windows\system32\drivers\point64.sys
2011-07-22 05:22 . 2011-08-28 11:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:54 . 2011-08-28 11:05 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-21 10:11 . 2011-08-28 09:04 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-21 10:11 . 2011-08-28 09:04 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-16 05:41 . 2011-08-28 11:06 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-28 11:06 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-28 11:06 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-28 11:06 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-28 11:06 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-28 11:06 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-28 11:06 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-28 11:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-28 11:06 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-28 11:06 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-28 11:06 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-28 11:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-28 11:06 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-28 11:06 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-28 11:06 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-28 11:06 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-28 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-28 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 09:34 . 2011-07-12 09:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:34 . 2011-07-12 09:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:34 . 2011-07-12 09:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:34 . 2011-07-12 09:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-11-09 17:38 2331672 ----a-w- c:\program files (x86)\XfireXO\tbXfir.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-28 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-10-09 25623336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-18 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\program files (x86)\RocketDock\RocketDock.exe [2011-8-28 495616]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Adriaan\AppData\Roaming\Mozilla\Firefox\Profiles\jno8lgbb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-msnmsgr - c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_heroes.exe
AddRemove-{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} - c:\program files (x86)\EA Games\Battlefield Heroes\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-07 15:57:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-10-07 13:57
.
Vor Suchlauf: 21 Verzeichnis(se), 233.377.357.824 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 224.945.631.232 Bytes frei
.
- - End Of File - - EB90942913CFB87C9395F4B4DAB8D9A7
|
|
07.10.2011, 17:11
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Virus(?) Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
| Themen zu Facebook Virus(?) |
| appdata, avira, cache, chat, downloader, einfach, escan, eset, firefox, folge, forum, found, links, logfile, mozilla, nichts, online, onlinescan, programm, scan, service, spam mails, trojan, trojaner, version, virus, woche |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
