Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Phorpiex Virus von Facebook loswerden, nur wie?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 11.12.2011, 13:59   #1
TL32TL
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



Hallo Leute,

ich hab gestern von nem Facebookfreund nen Link geschickt bekommen, wo ich natürlich gleich draufgedrückt hab und seitdem wurde vielen Freunden aus meiner freundesliste eine Mail mit diesem Link geschrieben.

Bei GuteFrage.net habe ich bereits erfahren, dass es sich um den Phorpiex Wurm handelt (hxxp://www.gutefrage.net/frage/facebook-virus-versendet-viren-automatisch-weiter-bitte-helft-mir). Außerdem wurde mir gesagt, dass ich mir das Programm Malwaresbyte runterladen soll und in diesem Forum die Logdaten posten soll:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8351

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11.12.2011 14:30:50
mbam-log-2011-12-11 (14-30-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 767095
Laufzeit: 2 Stunde(n), 45 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
c:\Users\tom\2397-5973-7874-8623\winmgr.exe (Backdoor.IRCBot) -> 1072 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Manager (Backdoor.IRCBot) -> Value: Microsoft® Windows Manager -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\tom\2397-5973-7874-8623\winmgr.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\downloads\img05205805.jpg.scr (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Google\Chrome\user data\Default\Cache\f_000868 (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C10DZ0G1\f[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C10DZ0G1\b[1].exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C10DZ0G1\st[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\9750271.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\0340509.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\16538.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\2104002.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\3949066.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tom\AppData\Local\Temp\msimg32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Was soll ich nun machen? Ist der Virus jetzt beseitigt?

Danke schonmal,TL

Alt 12.12.2011, 13:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 14.12.2011, 05:36   #3
TL32TL
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



Hallo cosius,

ich habe den ESET Online Scanner nun durchlaufen lassen und er hat eine Infected File gefunden. Dabei handelt es sich aber glaube ich nicht um den Virus Phorpiex sondern um irgendeinen Virus von der Downloadseite Softonic. Hier dei log.exe:

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=56b1ff17ec058a479105400ff87dd2dc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-13 10:14:39
# local_time=2011-12-13 11:14:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 4668 161324724 0 0
# compatibility_mode=8192 67108863 100 0 5520 5520 0 0
# scanned=597470
# found=1
# cleaned=0
# scan_time=22483
C:\Users\tom\Downloads\SoftonicDownloader_fuer_guitar-pro.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Was soll ich nun tun? Ist der Phorpiex Virus jetzt entfernt? Wie kann ich die Infected File von Softonic nun entfernen?

Danke schonmal,TL
__________________

Alt 14.12.2011, 10:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.12.2011, 13:15   #5
TL32TL
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



Hier die OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.12.2011 13:50:24 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\tom\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 64,99% Memory free
6,72 Gb Paging File | 5,41 Gb Available in Paging File | 80,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 15,19 Gb Free Space | 2,64% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,96 Gb Free Space | 49,84% Space Free | Partition Type: FAT32
Drive H: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: TOM-PC | User Name: tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.14 13:48:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tom\Downloads\OTL.exe
PRC - [2011.09.08 18:30:10 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.09.08 18:29:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.09.08 12:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.03.09 15:57:23 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.08 17:51:22 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.09.08 12:53:30 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.09.08 12:41:26 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.06.21 12:20:28 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9e40949744b36534fe62cd64ddccb6a1\WindowsFormsIntegration.ni.dll
MOD - [2011.06.21 12:18:36 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1342e13a5f5613678d438405bed08ddd\UIAutomationProvider.ni.dll
MOD - [2011.06.16 16:09:46 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.06.16 16:09:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.06.16 16:09:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.06.16 16:08:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.16 16:07:47 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.16 16:07:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.16 16:07:16 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f4767076b1a225e440db402bbabf5a14\System.Core.ni.dll
MOD - [2011.06.16 16:07:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011.06.16 16:07:11 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011.06.16 16:06:49 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011.06.16 16:06:34 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011.06.16 16:06:31 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.16 16:06:17 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.03.09 15:57:23 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.08 15:32:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.09.08 18:29:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.09.08 12:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009.08.24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.08 19:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.09.08 19:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.09.08 17:52:20 | 000,248,832 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.24 05:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2010.09.29 23:13:46 | 000,020,088 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.08.09 17:36:49 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.08.09 17:36:48 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.04.25 14:16:55 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.11.11 18:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.02.14 14:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.10.12 02:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007.09.21 09:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.01.12 19:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.07.10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.07.05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.songsterr.com/a/wa/song?trackPos=0&id=289
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\tom\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\tom\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\tom\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Users\tom\Desktop\Eigene Dateien\Programme\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\tom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23AB4A1C-4B88-494A-88A8-9B0AEC776514}: NameServer = 212.18.0.5 212.18.3.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFF00E59-0769-4D3F-A4D4-0839CE13F5AE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img26.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img26.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - H:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - H:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - H:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\System32\Adobe
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.11 11:36:06 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Malwarebytes
[2011.12.11 11:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.11 11:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.11 11:35:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.11 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.10 14:00:09 | 000,000,000 | RHSD | C] -- C:\Users\tom\2397-5973-7874-8623
[2011.12.09 14:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2011.12.09 14:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\simfy
[2011.12.08 07:32:47 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Venetica
[2011.12.06 17:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503
[2011.12.06 17:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\ANNO 1503
[2011.12.06 17:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica
[2011.12.06 17:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Venetica
[2011.12.06 16:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos
[2011.12.03 11:40:02 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011.11.27 10:55:19 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\BFBC2
[2011.11.20 19:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.19 12:38:20 | 000,000,000 | ---D | C] -- C:\Users\tom\Nehrim
[2011.11.19 12:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nehrim - Am Rande des Schicksals
[2011.11.19 12:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\SureAI
[2011.11.16 16:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.14 13:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011.12.14 13:45:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.14 13:40:46 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.14 13:39:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.14 13:39:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.14 13:39:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.14 13:39:41 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.14 06:23:22 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1362803966-707695060-1972178968-1000UA.job
[2011.12.13 19:23:03 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1362803966-707695060-1972178968-1000Core.job
[2011.12.12 17:42:15 | 000,140,496 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.12.12 17:42:05 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.12.12 17:40:34 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.12.11 15:02:32 | 000,004,330 | ---- | M] () -- C:\Users\tom\AppData\Roaming\wklnhst.dat
[2011.12.11 11:36:00 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.06 17:48:55 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\ANNO 1503.lnk
[2011.12.06 17:33:20 | 000,001,091 | ---- | M] () -- C:\Users\tom\Desktop\Batman Arkham Asylum.lnk
[2011.12.06 17:32:01 | 000,001,904 | ---- | M] () -- C:\Users\tom\Desktop\Venetica.lnk
[2011.12.06 16:17:39 | 000,000,930 | ---- | M] () -- C:\Users\tom\Desktop\World in Conflict.lnk
[2011.12.04 12:57:52 | 000,071,168 | ---- | M] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.29 18:31:48 | 000,000,032 | ---- | M] () -- C:\Users\tom\.simfy
[2011.11.29 16:29:15 | 000,138,056 | ---- | M] () -- C:\Users\tom\AppData\Roaming\PnkBstrK.sys
[2011.11.29 16:28:49 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011.11.28 13:54:32 | 000,681,026 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.28 13:54:32 | 000,631,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.28 13:54:32 | 000,146,068 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.28 13:54:32 | 000,120,424 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.26 12:01:02 | 000,000,215 | ---- | M] () -- C:\Users\tom\Desktop\Battlefield Bad Company 2.url
[2011.11.26 11:55:23 | 000,000,216 | ---- | M] () -- C:\Users\tom\Desktop\Terraria.url
[2011.11.23 19:57:03 | 000,009,728 | ---- | M] () -- C:\Users\tom\Documents\Bewerbung321321321.wps
[2011.11.23 14:26:48 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2011.11.21 14:24:11 | 000,002,036 | ---- | M] () -- C:\Users\tom\Desktop\Google Chrome.lnk
[2011.11.20 19:48:38 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.20 19:21:02 | 000,009,728 | ---- | M] () -- C:\Users\tom\Documents\Bewerbung321321.wps
[2011.11.20 19:13:02 | 000,009,728 | ---- | M] () -- C:\Users\tom\Documents\Bewerbung321.wps
[2011.11.20 19:12:03 | 000,009,728 | ---- | M] () -- C:\Users\tom\Documents\Bewerbung.wps
[2011.11.19 12:28:27 | 000,001,777 | ---- | M] () -- C:\Users\tom\Desktop\Nehrim - Am Rande des Schicksals.lnk
[2011.11.16 16:43:09 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.11 11:36:00 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.06 17:48:55 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\ANNO 1503.lnk
[2011.12.06 17:33:20 | 000,001,091 | ---- | C] () -- C:\Users\tom\Desktop\Batman Arkham Asylum.lnk
[2011.12.06 17:32:01 | 000,001,904 | ---- | C] () -- C:\Users\tom\Desktop\Venetica.lnk
[2011.12.06 16:17:39 | 000,000,930 | ---- | C] () -- C:\Users\tom\Desktop\World in Conflict.lnk
[2011.11.29 18:31:48 | 000,000,032 | ---- | C] () -- C:\Users\tom\.simfy
[2011.11.27 10:44:34 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011.11.26 12:01:02 | 000,000,215 | ---- | C] () -- C:\Users\tom\Desktop\Battlefield Bad Company 2.url
[2011.11.26 11:55:23 | 000,000,216 | ---- | C] () -- C:\Users\tom\Desktop\Terraria.url
[2011.11.23 14:26:48 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2011.11.21 19:59:12 | 000,009,728 | ---- | C] () -- C:\Users\tom\Documents\Bewerbung321321321.wps
[2011.11.20 19:48:38 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.20 19:13:19 | 000,009,728 | ---- | C] () -- C:\Users\tom\Documents\Bewerbung321321.wps
[2011.11.20 19:12:10 | 000,009,728 | ---- | C] () -- C:\Users\tom\Documents\Bewerbung321.wps
[2011.11.19 12:28:27 | 000,001,777 | ---- | C] () -- C:\Users\tom\Desktop\Nehrim - Am Rande des Schicksals.lnk
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.08.26 15:34:14 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.07.30 14:28:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.10.24 10:56:10 | 000,001,853 | ---- | C] () -- C:\Windows\WINWORD6.INI
[2010.10.24 10:56:06 | 000,000,096 | ---- | C] () -- C:\Windows\WINHELP.INI
[2010.10.24 10:55:17 | 000,000,535 | ---- | C] () -- C:\Windows\MSTXTCNV.INI
[2010.10.24 10:55:00 | 000,002,122 | ---- | C] () -- C:\Windows\MSFNTMAP.INI
[2010.10.24 10:55:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI
[2010.09.29 02:13:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.07.26 16:36:33 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.07.25 13:02:32 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.25 13:02:31 | 000,138,056 | ---- | C] () -- C:\Users\tom\AppData\Roaming\PnkBstrK.sys
[2010.07.25 13:02:04 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.25 13:01:51 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.07.25 13:01:51 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.05.06 16:04:31 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2009.09.30 15:36:04 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI
[2009.08.09 17:36:48 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.09 17:36:48 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.28 15:17:45 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.06.28 15:17:44 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.04.30 15:28:03 | 000,002,032 | ---- | C] () -- C:\Users\tom\AppData\Local\d3d9caps.dat
[2009.02.20 18:39:12 | 000,071,168 | ---- | C] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.20 17:30:08 | 000,004,330 | ---- | C] () -- C:\Users\tom\AppData\Roaming\wklnhst.dat
[2008.12.18 12:31:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.10 15:31:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008.12.10 14:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.12.01 21:08:38 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.11.24 18:37:33 | 000,681,026 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.11.24 18:37:33 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.11.24 18:37:33 | 000,146,068 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.11.24 18:37:33 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.11.24 10:42:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.24 10:42:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,351,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,631,792 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,120,424 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.01.14 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\.k3d
[2011.06.14 12:46:11 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\.minecraft
[2009.08.11 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Activision
[2009.12.18 15:17:40 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ankh
[2010.02.06 11:55:48 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ankh - Heart of Osiris
[2009.06.03 09:23:45 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Armagetron
[2010.04.07 12:35:16 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Atari
[2010.11.28 18:38:37 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Blender Foundation
[2010.12.26 09:59:19 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Dev-Cpp
[2009.04.26 17:38:35 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Dreamlords
[2011.02.13 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.07 13:16:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\flightgear.org
[2009.09.03 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\FUEL Demo
[2011.01.23 10:12:48 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Guitar Pro 6
[2010.07.08 16:39:13 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Imperium Romanum
[2010.04.07 11:57:44 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Leadertech
[2010.06.01 13:11:37 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\LEGO Company
[2009.02.21 08:50:21 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\LEGO Media
[2010.12.25 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Notepad++
[2011.10.20 13:49:47 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\OpenOffice.org
[2011.11.17 18:24:35 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Origin
[2010.10.16 19:27:55 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Phase6
[2010.02.16 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\ProtectDisc
[2011.09.18 13:18:38 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Rovio
[2010.02.08 16:16:36 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Silver Style Entertainment
[2011.07.22 16:36:09 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Simfy
[2010.11.03 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\smc
[2010.12.26 10:10:39 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Splitscreen Studios
[2009.03.16 15:51:17 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\SPORE
[2010.05.04 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\streamripper
[2010.11.05 11:24:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\supertuxkart
[2009.05.22 18:17:29 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Template
[2011.09.09 15:49:54 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Tropico 3
[2010.05.30 10:21:44 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ubisoft
[2010.02.22 15:37:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Windows Live Writer
[2011.10.15 08:28:49 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\XnView
[2011.12.14 06:56:45 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.14 13:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.14 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\.k3d
[2011.06.14 12:46:11 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\.minecraft
[2009.08.11 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Activision
[2011.07.22 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Adobe
[2009.12.18 15:17:40 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ankh
[2010.02.06 11:55:48 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ankh - Heart of Osiris
[2010.02.27 12:34:05 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Apple Computer
[2009.06.03 09:23:45 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Armagetron
[2010.04.07 12:35:16 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Atari
[2009.02.20 17:23:53 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\ATI
[2010.02.18 16:43:31 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\AVS4YOU
[2010.11.28 18:38:37 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Blender Foundation
[2009.04.28 18:43:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Corel
[2009.08.10 15:28:19 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\CyberLink
[2010.12.26 09:59:19 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Dev-Cpp
[2009.04.26 17:38:35 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Dreamlords
[2011.02.13 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.07 13:16:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\flightgear.org
[2009.09.03 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\FUEL Demo
[2010.11.13 13:13:53 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Google
[2011.01.23 10:12:48 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Guitar Pro 6
[2009.07.20 13:56:53 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Hamachi
[2009.02.20 17:23:30 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Identities
[2010.07.08 16:39:13 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Imperium Romanum
[2010.12.30 09:57:14 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\InstallShield
[2010.04.07 11:57:44 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Leadertech
[2010.06.01 13:11:37 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\LEGO Company
[2009.02.21 08:50:21 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\LEGO Media
[2009.02.20 17:22:46 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Macromedia
[2011.12.11 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Media Center Programs
[2010.11.16 18:45:13 | 000,000,000 | --SD | M] -- C:\Users\tom\AppData\Roaming\Microsoft
[2009.08.09 18:00:35 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Microsoft Games
[2010.10.16 19:27:57 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Mozilla
[2009.02.20 17:28:32 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Nero
[2010.12.25 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Notepad++
[2011.10.20 13:49:47 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\OpenOffice.org
[2011.11.17 18:24:35 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Origin
[2010.10.16 19:27:55 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Phase6
[2010.02.16 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\ProtectDisc
[2011.09.18 13:18:38 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Rovio
[2009.02.27 10:04:17 | 000,000,000 | RH-D | M] -- C:\Users\tom\AppData\Roaming\SecuROM
[2010.02.08 16:16:36 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Silver Style Entertainment
[2011.07.22 16:36:09 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Simfy
[2010.11.03 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\smc
[2010.12.26 10:10:39 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Splitscreen Studios
[2009.03.16 15:51:17 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\SPORE
[2010.05.04 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\streamripper
[2010.11.05 11:24:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\supertuxkart
[2009.05.22 18:17:29 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Template
[2011.09.09 15:49:54 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Tropico 3
[2010.05.30 10:21:44 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Ubisoft
[2010.05.05 13:47:03 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Winamp
[2010.02.22 15:37:06 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Windows Live Writer
[2011.10.15 08:28:49 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2009.04.26 17:36:55 | 002,086,437 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Dreamlords\DreamlordsPatch_1.4.6.10185_to_1.4.7.10232.exe
[2009.04.26 17:39:21 | 002,040,324 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Dreamlords\DreamlordsPatch_1.4.7.10232_to_1.4.8.10266.exe
[2011.07.22 16:35:41 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\tom\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.09.06 11:33:21 | 000,010,134 | R--- | M] () -- C:\Users\tom\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2009.10.09 16:16:57 | 000,010,134 | R--- | M] () -- C:\Users\tom\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2009.07.08 13:15:19 | 000,010,134 | R--- | M] () -- C:\Users\tom\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.09.18 13:21:17 | 046,370,928 | ---- | M] (Rovio) -- C:\Users\tom\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_1.6.2.exe
[2011.10.08 09:35:41 | 046,678,912 | ---- | M] (Rovio) -- C:\Users\tom\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_1.6.3.1.exe
[2011.10.05 13:42:35 | 046,676,456 | ---- | M] (Rovio) -- C:\Users\tom\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_1.6.3.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys
[2007.11.01 20:31:44 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.09.08 18:30:38 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
--- --- ---

Was soll ich nun machen?


Alt 14.12.2011, 14:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
MOD - [2011.03.09 15:57:23 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
[2011/03/19 09:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Uniblue
[2011/07/14 13:42:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.songsterr.com/a/wa/song?trackPos=0&id=289
O4 - HKLM..\Run: [WinampAgent] "C:\Users\tom\Desktop\Eigene Dateien\Programme\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - H:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - H:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - H:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
[2011.12.10 14:00:09 | 000,000,000 | RHSD | C] -- C:\Users\tom\2397-5973-7874-8623
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> Phorpiex Virus von Facebook loswerden, nur wie?

Alt 15.12.2011, 14:26   #7
TL32TL
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



Hier ist die Logfile:

All processes killed
========== OTL ==========
Folder C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Uniblue\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files\Pando Networks\Media Booster\PMB.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:credssp.dll deleted successfully.
File edssp.dll) -credssp.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\autorun.dat scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65c6b4aa-ff68-11dd-b4af-806e6f6e6963}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
C:\Users\tom\2397-5973-7874-8623 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56551 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: tom
->Temp folder emptied: 7561521417 bytes
->Temporary Internet Files folder emptied: 49582202 bytes
->Java cache emptied: 748655 bytes
->Google Chrome cache emptied: 245516310 bytes
->Apple Safari cache emptied: 1142784 bytes
->Flash cache emptied: 106104 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2032398 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 283108064 bytes
RecycleBin emptied: 8515525871 bytes

Total Files Cleaned = 15.889,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12152011_151206

Files\Folders moved on Reboot...
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\autorun.dat scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Alt 15.12.2011, 14:59   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



Bitte nun (im normalen Modus!) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.12.2011, 13:06   #9
TL32TL
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



Ich hab den TDSS Killer jetzt durchlaufen lassen und das Log lässt sich nicht kopieren.
Wo finde Ich nun die Windows Systempartition?

Alt 18.12.2011, 13:11   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



Direkt auf C:
IdR ist C: die Systempartition. Eben diese worauf Windows installiert ist
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.12.2011, 17:04   #11
TL32TL
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



Hier ist das Log:

11:57:10.0119 2144 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
11:57:10.0366 2144 ============================================================
11:57:10.0366 2144 Current date / time: 2011/12/17 11:57:10.0366
11:57:10.0366 2144 SystemInfo:
11:57:10.0366 2144
11:57:10.0366 2144 OS Version: 6.0.6002 ServicePack: 2.0
11:57:10.0366 2144 Product type: Workstation
11:57:10.0366 2144 ComputerName: TOM-PC
11:57:10.0366 2144 UserName: tom
11:57:10.0366 2144 Windows directory: C:\Windows
11:57:10.0366 2144 System windows directory: C:\Windows
11:57:10.0366 2144 Processor architecture: Intel x86
11:57:10.0366 2144 Number of processors: 2
11:57:10.0366 2144 Page size: 0x1000
11:57:10.0366 2144 Boot type: Normal boot
11:57:10.0366 2144 ============================================================
11:57:11.0326 2144 Initialize success
11:57:30.0628 4604 ============================================================
11:57:30.0628 4604 Scan started
11:57:30.0628 4604 Mode: Manual; SigCheck; TDLFS;
11:57:30.0628 4604 ============================================================
11:57:31.0156 4604 acedrv11 (a6fe70357a68ad1e279cd1012419cce6) C:\Windows\system32\drivers\acedrv11.sys
11:57:31.0317 4604 acedrv11 - ok
11:57:31.0354 4604 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
11:57:31.0373 4604 ACPI - ok
11:57:31.0413 4604 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
11:57:31.0452 4604 adp94xx - ok
11:57:31.0503 4604 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
11:57:31.0516 4604 adpahci - ok
11:57:31.0533 4604 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
11:57:31.0542 4604 adpu160m - ok
11:57:31.0556 4604 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
11:57:31.0568 4604 adpu320 - ok
11:57:31.0616 4604 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
11:57:31.0684 4604 AFD - ok
11:57:31.0707 4604 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
11:57:31.0714 4604 agp440 - ok
11:57:31.0749 4604 ahcix86s (03081e98c515cb838434d252f407f6e8) C:\Windows\system32\DRIVERS\ahcix86s.sys
11:57:31.0763 4604 ahcix86s - ok
11:57:31.0783 4604 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:57:31.0792 4604 aic78xx - ok
11:57:31.0816 4604 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
11:57:31.0823 4604 aliide - ok
11:57:31.0873 4604 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
11:57:31.0887 4604 amdagp - ok
11:57:31.0902 4604 amdide (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
11:57:31.0916 4604 amdide - ok
11:57:31.0947 4604 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
11:57:31.0954 4604 amdiox86 - ok
11:57:31.0985 4604 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
11:57:32.0073 4604 AmdK7 - ok
11:57:32.0092 4604 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
11:57:32.0159 4604 AmdK8 - ok
11:57:32.0395 4604 amdkmdag (bc7c2154c4b23f74222859c4d93a3039) C:\Windows\system32\DRIVERS\atikmdag.sys
11:57:32.0796 4604 amdkmdag - ok
11:57:32.0833 4604 amdkmdap (dc5d417390a70db5583374a232be622f) C:\Windows\system32\DRIVERS\atikmpag.sys
11:57:32.0870 4604 amdkmdap - ok
11:57:32.0932 4604 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
11:57:32.0963 4604 AmdLLD - ok
11:57:33.0033 4604 AODDriver4.01 (62b03afe5cc83bacf064848daa295d9c) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
11:57:33.0059 4604 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - warning
11:57:33.0059 4604 AODDriver4.01 - detected UnsignedFile.Multi.Generic (1)
11:57:33.0123 4604 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
11:57:33.0137 4604 arc - ok
11:57:33.0166 4604 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
11:57:33.0181 4604 arcsas - ok
11:57:33.0238 4604 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:57:33.0323 4604 AsyncMac - ok
11:57:33.0339 4604 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
11:57:33.0355 4604 atapi - ok
11:57:33.0604 4604 atikmdag (bc7c2154c4b23f74222859c4d93a3039) C:\Windows\system32\DRIVERS\atikmdag.sys
11:57:33.0823 4604 atikmdag - ok
11:57:33.0850 4604 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
11:57:33.0855 4604 AtiPcie - ok
11:57:33.0892 4604 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
11:57:33.0905 4604 atksgt - ok
11:57:33.0943 4604 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:57:33.0998 4604 Beep - ok
11:57:34.0041 4604 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
11:57:34.0084 4604 blbdrive - ok
11:57:34.0129 4604 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
11:57:34.0161 4604 bowser - ok
11:57:34.0188 4604 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:57:34.0283 4604 BrFiltLo - ok
11:57:34.0306 4604 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:57:34.0382 4604 BrFiltUp - ok
11:57:34.0421 4604 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:57:34.0614 4604 Brserid - ok
11:57:34.0644 4604 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:57:34.0783 4604 BrSerWdm - ok
11:57:34.0799 4604 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:57:34.0881 4604 BrUsbMdm - ok
11:57:34.0908 4604 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:57:34.0968 4604 BrUsbSer - ok
11:57:34.0998 4604 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:57:35.0066 4604 BTHMODEM - ok
11:57:35.0098 4604 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:57:35.0134 4604 cdfs - ok
11:57:35.0165 4604 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
11:57:35.0193 4604 cdrom - ok
11:57:35.0214 4604 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
11:57:35.0258 4604 circlass - ok
11:57:35.0297 4604 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
11:57:35.0313 4604 CLFS - ok
11:57:35.0346 4604 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
11:57:35.0359 4604 cmdide - ok
11:57:35.0377 4604 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
11:57:35.0389 4604 Compbatt - ok
11:57:35.0408 4604 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
11:57:35.0416 4604 crcdisk - ok
11:57:35.0432 4604 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
11:57:35.0476 4604 Crusoe - ok
11:57:35.0548 4604 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
11:57:35.0590 4604 DfsC - ok
11:57:35.0623 4604 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
11:57:35.0631 4604 disk - ok
11:57:35.0679 4604 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:57:35.0704 4604 drmkaud - ok
11:57:35.0752 4604 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
11:57:35.0871 4604 DXGKrnl - ok
11:57:35.0902 4604 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:57:35.0965 4604 E1G60 - ok
11:57:36.0011 4604 EagleXNt - ok
11:57:36.0058 4604 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
11:57:36.0074 4604 Ecache - ok
11:57:36.0136 4604 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
11:57:36.0167 4604 elxstor - ok
11:57:36.0199 4604 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
11:57:36.0245 4604 ErrDev - ok
11:57:36.0279 4604 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
11:57:36.0356 4604 exfat - ok
11:57:36.0415 4604 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
11:57:36.0478 4604 fastfat - ok
11:57:36.0529 4604 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:57:36.0586 4604 fdc - ok
11:57:36.0622 4604 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:57:36.0636 4604 FileInfo - ok
11:57:36.0656 4604 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:57:36.0712 4604 Filetrace - ok
11:57:36.0730 4604 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:57:36.0800 4604 flpydisk - ok
11:57:36.0852 4604 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
11:57:36.0871 4604 FltMgr - ok
11:57:36.0901 4604 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
11:57:36.0947 4604 Fs_Rec - ok
11:57:36.0973 4604 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
11:57:36.0987 4604 gagp30kx - ok
11:57:37.0012 4604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:57:37.0022 4604 GEARAspiWDM - ok
11:57:37.0108 4604 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
11:57:37.0118 4604 hamachi - ok
11:57:37.0152 4604 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
11:57:37.0284 4604 HdAudAddService - ok
11:57:37.0362 4604 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:57:37.0417 4604 HDAudBus - ok
11:57:37.0444 4604 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:57:37.0528 4604 HidBth - ok
11:57:37.0553 4604 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:57:37.0644 4604 HidIr - ok
11:57:37.0688 4604 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
11:57:37.0748 4604 HidUsb - ok
11:57:37.0781 4604 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
11:57:37.0795 4604 HpCISSs - ok
11:57:37.0827 4604 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
11:57:37.0895 4604 HTTP - ok
11:57:37.0982 4604 HWiNFO32 (ac1e9496ba0ac3b27b45f2228ed51b2c) C:\Program Files\HWiNFO32\HWiNFO32.SYS
11:57:37.0993 4604 HWiNFO32 - ok
11:57:38.0013 4604 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
11:57:38.0026 4604 i2omp - ok
11:57:38.0051 4604 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:57:38.0099 4604 i8042prt - ok
11:57:38.0127 4604 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
11:57:38.0159 4604 iaStorV - ok
11:57:38.0190 4604 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:57:38.0203 4604 iirsp - ok
11:57:38.0306 4604 IntcAzAudAddService (fd1d5f1609126831f49d6cfbb61f9ddd) C:\Windows\system32\drivers\RTKVHDA.sys
11:57:38.0463 4604 IntcAzAudAddService - ok
11:57:38.0510 4604 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
11:57:38.0526 4604 intelide - ok
11:57:38.0526 4604 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:57:38.0588 4604 intelppm - ok
11:57:38.0635 4604 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:57:38.0682 4604 IpFilterDriver - ok
11:57:38.0682 4604 IpInIp - ok
11:57:38.0713 4604 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
11:57:38.0760 4604 IPMIDRV - ok
11:57:38.0775 4604 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:57:38.0808 4604 IPNAT - ok
11:57:38.0823 4604 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:57:38.0882 4604 IRENUM - ok
11:57:38.0907 4604 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
11:57:38.0920 4604 isapnp - ok
11:57:38.0952 4604 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
11:57:38.0967 4604 iScsiPrt - ok
11:57:38.0984 4604 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:57:38.0991 4604 iteatapi - ok
11:57:39.0005 4604 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:57:39.0012 4604 iteraid - ok
11:57:39.0034 4604 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:57:39.0041 4604 kbdclass - ok
11:57:39.0053 4604 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
11:57:39.0094 4604 kbdhid - ok
11:57:39.0139 4604 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
11:57:39.0157 4604 KSecDD - ok
11:57:39.0222 4604 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
11:57:39.0232 4604 lirsgt - ok
11:57:39.0251 4604 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:57:39.0303 4604 lltdio - ok
11:57:39.0340 4604 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
11:57:39.0355 4604 LSI_FC - ok
11:57:39.0374 4604 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
11:57:39.0388 4604 LSI_SAS - ok
11:57:39.0406 4604 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
11:57:39.0421 4604 LSI_SCSI - ok
11:57:39.0444 4604 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:57:39.0503 4604 luafv - ok
11:57:39.0554 4604 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
11:57:39.0567 4604 MBAMProtector - ok
11:57:39.0580 4604 MBAMSwissArmy - ok
11:57:39.0620 4604 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
11:57:39.0633 4604 megasas - ok
11:57:39.0676 4604 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
11:57:39.0702 4604 MegaSR - ok
11:57:39.0730 4604 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:57:39.0771 4604 Modem - ok
11:57:39.0798 4604 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:57:39.0861 4604 monitor - ok
11:57:39.0877 4604 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:57:39.0892 4604 mouclass - ok
11:57:39.0908 4604 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:57:39.0939 4604 mouhid - ok
11:57:39.0955 4604 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:57:39.0970 4604 MountMgr - ok
11:57:39.0974 4604 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
11:57:39.0982 4604 mpio - ok
11:57:40.0001 4604 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:57:40.0030 4604 mpsdrv - ok
11:57:40.0057 4604 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:57:40.0066 4604 Mraid35x - ok
11:57:40.0108 4604 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
11:57:40.0149 4604 MRxDAV - ok
11:57:40.0193 4604 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:57:40.0223 4604 mrxsmb - ok
11:57:40.0274 4604 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:57:40.0305 4604 mrxsmb10 - ok
11:57:40.0324 4604 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:57:40.0372 4604 mrxsmb20 - ok
11:57:40.0407 4604 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
11:57:40.0420 4604 msahci - ok
11:57:40.0439 4604 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
11:57:40.0453 4604 msdsm - ok
11:57:40.0479 4604 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:57:40.0532 4604 Msfs - ok
11:57:40.0542 4604 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:57:40.0555 4604 msisadrv - ok
11:57:40.0589 4604 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:57:40.0635 4604 MSKSSRV - ok
11:57:40.0666 4604 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:57:40.0701 4604 MSPCLOCK - ok
11:57:40.0723 4604 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:57:40.0752 4604 MSPQM - ok
11:57:40.0818 4604 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
11:57:40.0829 4604 MsRPC - ok
11:57:40.0848 4604 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:57:40.0855 4604 mssmbios - ok
11:57:40.0870 4604 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:57:40.0919 4604 MSTEE - ok
11:57:40.0960 4604 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:57:40.0993 4604 Mup - ok
11:57:41.0056 4604 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
11:57:41.0118 4604 NativeWifiP - ok
11:57:41.0165 4604 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
11:57:41.0212 4604 NDIS - ok
11:57:41.0227 4604 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:57:41.0274 4604 NdisTapi - ok
11:57:41.0290 4604 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:57:41.0337 4604 Ndisuio - ok
11:57:41.0368 4604 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:57:41.0394 4604 NdisWan - ok
11:57:41.0413 4604 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:57:41.0462 4604 NDProxy - ok
11:57:41.0489 4604 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:57:41.0533 4604 NetBIOS - ok
11:57:41.0552 4604 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
11:57:41.0606 4604 netbt - ok
11:57:41.0682 4604 netr28u (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
11:57:41.0752 4604 netr28u - ok
11:57:41.0779 4604 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:57:41.0792 4604 nfrd960 - ok
11:57:41.0828 4604 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
11:57:41.0858 4604 Npfs - ok
11:57:41.0893 4604 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:57:41.0946 4604 nsiproxy - ok
11:57:42.0007 4604 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
11:57:42.0078 4604 Ntfs - ok
11:57:42.0110 4604 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:57:42.0206 4604 ntrigdigi - ok
11:57:42.0231 4604 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:57:42.0256 4604 Null - ok
11:57:42.0277 4604 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:57:42.0285 4604 nvraid - ok
11:57:42.0304 4604 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:57:42.0312 4604 nvstor - ok
11:57:42.0328 4604 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:57:42.0336 4604 nv_agp - ok
11:57:42.0346 4604 NwlnkFlt - ok
11:57:42.0357 4604 NwlnkFwd - ok
11:57:42.0426 4604 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
11:57:42.0442 4604 ohci1394 - ok
11:57:42.0489 4604 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:57:42.0534 4604 Parport - ok
11:57:42.0572 4604 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
11:57:42.0587 4604 partmgr - ok
11:57:42.0604 4604 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:57:42.0678 4604 Parvdm - ok
11:57:42.0715 4604 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:57:42.0732 4604 pci - ok
11:57:42.0768 4604 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:57:42.0782 4604 pciide - ok
11:57:42.0808 4604 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:57:42.0825 4604 pcmcia - ok
11:57:42.0877 4604 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:57:42.0986 4604 PEAUTH - ok
11:57:43.0065 4604 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:57:43.0107 4604 PptpMiniport - ok
11:57:43.0125 4604 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
11:57:43.0156 4604 Processor - ok
11:57:43.0183 4604 Profos - ok
11:57:43.0223 4604 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:57:43.0257 4604 PSched - ok
11:57:43.0289 4604 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
11:57:43.0295 4604 PxHelp20 - ok
11:57:43.0348 4604 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:57:43.0393 4604 ql2300 - ok
11:57:43.0411 4604 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:57:43.0425 4604 ql40xx - ok
11:57:43.0479 4604 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:57:43.0545 4604 QWAVEdrv - ok
11:57:43.0576 4604 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:57:43.0607 4604 RasAcd - ok
11:57:43.0639 4604 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:57:43.0685 4604 Rasl2tp - ok
11:57:43.0732 4604 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:57:43.0763 4604 RasPppoe - ok
11:57:43.0779 4604 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:57:43.0795 4604 RasSstp - ok
11:57:43.0841 4604 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:57:43.0857 4604 rdbss - ok
11:57:43.0873 4604 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:57:43.0904 4604 RDPCDD - ok
11:57:43.0920 4604 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:57:43.0946 4604 rdpdr - ok
11:57:43.0960 4604 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:57:43.0983 4604 RDPENCDD - ok
11:57:44.0024 4604 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
11:57:44.0060 4604 RDPWD - ok
11:57:44.0101 4604 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:57:44.0124 4604 rspndr - ok
11:57:44.0146 4604 RTHDMIAzAudService (d85da4371af61359edfca4ea06619dd4) C:\Windows\system32\drivers\RtHDMIV.sys
11:57:44.0155 4604 RTHDMIAzAudService - ok
11:57:44.0188 4604 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
11:57:44.0229 4604 RTL8169 - ok
11:57:44.0256 4604 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:57:44.0270 4604 sbp2port - ok
11:57:44.0305 4604 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:57:44.0386 4604 secdrv - ok
11:57:44.0414 4604 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
11:57:44.0437 4604 Serenum - ok
11:57:44.0497 4604 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
11:57:44.0535 4604 Serial - ok
11:57:44.0555 4604 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:57:44.0588 4604 sermouse - ok
11:57:44.0634 4604 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\Windows\system32\drivers\sfdrv01a.sys
11:57:44.0643 4604 sfdrv01a - ok
11:57:44.0660 4604 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:57:44.0685 4604 sffdisk - ok
11:57:44.0696 4604 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:57:44.0741 4604 sffp_mmc - ok
11:57:44.0767 4604 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:57:44.0815 4604 sffp_sd - ok
11:57:44.0857 4604 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
11:57:44.0866 4604 sfhlp02 - ok
11:57:44.0884 4604 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:57:44.0989 4604 sfloppy - ok
11:57:45.0021 4604 sfsync02 (6dc03269f4c71e4ab313c3597f42a340) C:\Windows\system32\drivers\sfsync02.sys
11:57:45.0021 4604 sfsync02 - ok
11:57:45.0067 4604 sfvfs02 (107b772690050d3b19cbc637ad8fd96e) C:\Windows\system32\drivers\sfvfs02.sys
11:57:45.0067 4604 sfvfs02 - ok
11:57:45.0084 4604 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:57:45.0089 4604 sisagp - ok
11:57:45.0108 4604 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:57:45.0121 4604 SiSRaid2 - ok
11:57:45.0142 4604 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:57:45.0156 4604 SiSRaid4 - ok
11:57:45.0200 4604 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:57:45.0248 4604 Smb - ok
11:57:45.0290 4604 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:57:45.0303 4604 spldr - ok
11:57:45.0345 4604 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:57:45.0392 4604 srv - ok
11:57:45.0431 4604 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:57:45.0452 4604 srv2 - ok
11:57:45.0518 4604 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:57:45.0558 4604 srvnet - ok
11:57:45.0611 4604 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:57:45.0624 4604 swenum - ok
11:57:45.0647 4604 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:57:45.0660 4604 Symc8xx - ok
11:57:45.0677 4604 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:57:45.0690 4604 Sym_hi - ok
11:57:45.0702 4604 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:57:45.0727 4604 Sym_u3 - ok
11:57:45.0813 4604 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
11:57:45.0888 4604 Tcpip - ok
11:57:45.0922 4604 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
11:57:46.0013 4604 Tcpip6 - ok
11:57:46.0057 4604 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
11:57:46.0108 4604 tcpipreg - ok
11:57:46.0124 4604 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:57:46.0155 4604 TDPIPE - ok
11:57:46.0171 4604 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:57:46.0217 4604 TDTCP - ok
11:57:46.0249 4604 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:57:46.0311 4604 tdx - ok
11:57:46.0342 4604 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:57:46.0358 4604 TermDD - ok
11:57:46.0389 4604 Trufos - ok
11:57:46.0420 4604 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:57:46.0467 4604 tssecsrv - ok
11:57:46.0488 4604 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:57:46.0517 4604 tunmp - ok
11:57:46.0526 4604 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:57:46.0544 4604 tunnel - ok
11:57:46.0565 4604 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:57:46.0579 4604 uagp35 - ok
11:57:46.0624 4604 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:57:46.0656 4604 udfs - ok
11:57:46.0691 4604 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:57:46.0699 4604 uliagpkx - ok
11:57:46.0718 4604 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:57:46.0730 4604 uliahci - ok
11:57:46.0741 4604 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:57:46.0750 4604 UlSata - ok
11:57:46.0769 4604 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:57:46.0778 4604 ulsata2 - ok
11:57:46.0792 4604 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:57:46.0813 4604 umbus - ok
11:57:46.0834 4604 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
11:57:46.0881 4604 USBAAPL - ok
11:57:46.0912 4604 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:57:46.0946 4604 usbccgp - ok
11:57:46.0971 4604 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:57:47.0033 4604 usbcir - ok
11:57:47.0066 4604 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:57:47.0096 4604 usbehci - ok
11:57:47.0118 4604 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:57:47.0141 4604 usbhub - ok
11:57:47.0149 4604 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
11:57:47.0183 4604 usbohci - ok
11:57:47.0201 4604 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
11:57:47.0242 4604 usbprint - ok
11:57:47.0259 4604 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:57:47.0278 4604 USBSTOR - ok
11:57:47.0316 4604 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:57:47.0346 4604 usbuhci - ok
11:57:47.0373 4604 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:57:47.0416 4604 vga - ok
11:57:47.0442 4604 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:57:47.0490 4604 VgaSave - ok
11:57:47.0537 4604 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:57:47.0537 4604 viaagp - ok
11:57:47.0553 4604 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:57:47.0568 4604 ViaC7 - ok
11:57:47.0584 4604 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:57:47.0599 4604 viaide - ok
11:57:47.0615 4604 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:57:47.0631 4604 volmgr - ok
11:57:47.0657 4604 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:57:47.0679 4604 volmgrx - ok
11:57:47.0707 4604 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:57:47.0729 4604 volsnap - ok
11:57:47.0765 4604 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:57:47.0782 4604 vsmraid - ok
11:57:47.0806 4604 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:57:47.0893 4604 WacomPen - ok
11:57:47.0922 4604 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:57:47.0953 4604 Wanarp - ok
11:57:47.0959 4604 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:57:47.0989 4604 Wanarpv6 - ok
11:57:48.0013 4604 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:57:48.0026 4604 Wd - ok
11:57:48.0060 4604 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:57:48.0091 4604 Wdf01000 - ok
11:57:48.0201 4604 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
11:57:48.0237 4604 WmiAcpi - ok
11:57:48.0292 4604 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
11:57:48.0327 4604 WpdUsb - ok
11:57:48.0351 4604 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:57:48.0385 4604 ws2ifsl - ok
11:57:48.0427 4604 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:57:48.0476 4604 WUDFRd - ok
11:57:48.0519 4604 XDva248 - ok
11:57:48.0569 4604 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:57:48.0687 4604 \Device\Harddisk0\DR0 - ok
11:57:48.0703 4604 Boot (0x1200) (10a932c9a19cd84bca32fbb98a93dec1) \Device\Harddisk0\DR0\Partition0
11:57:48.0703 4604 \Device\Harddisk0\DR0\Partition0 - ok
11:57:48.0718 4604 Boot (0x1200) (e440be18652ffe31e3bc0a5d12873b81) \Device\Harddisk0\DR0\Partition1
11:57:48.0718 4604 \Device\Harddisk0\DR0\Partition1 - ok
11:57:48.0718 4604 ============================================================
11:57:48.0718 4604 Scan finished
11:57:48.0718 4604 ============================================================
11:57:48.0734 3476 Detected object count: 1
11:57:48.0734 3476 Actual detected object count: 1
12:06:51.0108 3476 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - skipped by user
12:06:51.0108 3476 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:59:18.0147 5408 Deinitialize success

Der TDSS Killer hat einen Thread gefunden. Soll ich diesen nun entfernen und wie?

Alt 19.12.2011, 09:17   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Phorpiex Virus von Facebook loswerden, nur wie? - Standard

Phorpiex Virus von Facebook loswerden, nur wie?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Phorpiex Virus von Facebook loswerden, nur wie?
.dll, anti-malware, appdata, cache, dateien, explorer, files, forum, freunde, google, leute, link, loswerden, mail, manager, microsoft, msimg32.dll, phorpiex, process, programm, service, software, spyware, temporary, trojan.agent, trojaner, version, virus, wurm



Ähnliche Themen: Phorpiex Virus von Facebook loswerden, nur wie?


  1. Ihavenet Virus - wie kann ich ihn loswerden
    Log-Analyse und Auswertung - 31.07.2013 (25)
  2. Rote Sprechblase/ Iminent - Virus? Wie loswerden?
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (21)
  3. Hola search virus loswerden!
    Plagegeister aller Art und deren Bekämpfung - 02.05.2013 (44)
  4. Worm:Win32/Phorpiex.B über facebook eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.01.2012 (26)
  5. WORM/Phorpiex.B.6
    Plagegeister aller Art und deren Bekämpfung - 08.01.2012 (10)
  6. Windows 7 Home Security 2012 Virus loswerden?
    Plagegeister aller Art und deren Bekämpfung - 03.01.2012 (2)
  7. worm:win32/Phorpiex b virus!
    Log-Analyse und Auswertung - 27.12.2011 (28)
  8. Phorpiex Virus verschickt Mails mit Link
    Plagegeister aller Art und deren Bekämpfung - 06.12.2011 (49)
  9. WORM/Phorpiex.B.56 der Facebook-Virus? Und wie bekomme ich ihn weg?
    Log-Analyse und Auswertung - 04.11.2011 (15)
  10. Phorpiex.B.56 dank Facebook Link
    Log-Analyse und Auswertung - 03.11.2011 (19)
  11. Trojaner TR/Phorpiex.90112.29 und BDS/Gbot.por.4 über Facebook
    Log-Analyse und Auswertung - 01.11.2011 (31)
  12. Facebook-Wurm Phorpiex, was muss ich tun?
    Log-Analyse und Auswertung - 29.10.2011 (12)
  13. TR/Phorpiex.90112.147
    Log-Analyse und Auswertung - 19.10.2011 (1)
  14. Facebook-Virus loswerden
    Plagegeister aller Art und deren Bekämpfung - 22.08.2011 (37)
  15. Zuerst Facebook-Virus-Neu aufgesetzt,cpu Auslastung 100%,bei Facebook-Games extrem lahm!
    Log-Analyse und Auswertung - 03.02.2011 (11)
  16. Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php
    Plagegeister aller Art und deren Bekämpfung - 27.08.2010 (6)
  17. Virus Protector wie loswerden?
    Antiviren-, Firewall- und andere Schutzprogramme - 06.05.2010 (42)

Zum Thema Phorpiex Virus von Facebook loswerden, nur wie? - Hallo Leute, ich hab gestern von nem Facebookfreund nen Link geschickt bekommen, wo ich natürlich gleich draufgedrückt hab und seitdem wurde vielen Freunden aus meiner freundesliste eine Mail mit diesem - Phorpiex Virus von Facebook loswerden, nur wie?...
Archiv
Du betrachtest: Phorpiex Virus von Facebook loswerden, nur wie? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.