| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
28.12.2011, 12:15
| #1 |
 |  "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" Hallo ihr Lieben, ich habe mir wohl was eingefangen. Nach einer Weile wird bei meinem Laptop (Windows Vista) der Bildschirm schwarz und es erscheint ein Fenster, mein Windowssystem wäre aus Sicherheitsgründen blockiert und ich solle bezahlen, damit es wieder freigeschaltet wird. Dieses Problem haben wohl außer mir noch andere, also hoffe ich, dass ihr mir helfen könnt. Ich habe wirklich keine Ahnung von sowas, also wären idiotensichere Anweisungen echt klasse. =) Gibt es einen Weg das "Ding" zu entfernen, ohne dass alle meine Daten verloren gehen? Bitte seid nachsichtig mit einer unwissenden Idiotin wie mir. =) Tausend Dank schonmal im Voraus! |
|
28.12.2011, 13:06
| #2 |
| /// Malware-holic   | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" hi,
__________________pc neustarten, f8 drücken abgesicherter modus mit netzwerk wählen, dort solltest du inet haben. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
28.12.2011, 16:26
| #3 |
| | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" Ganz herzlichen Dank für die schnelle Antwort! =)
__________________Stimmt das so? OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.12.2011 15:47:36 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,42% Memory free 6,19 Gb Paging File | 5,87 Gb Available in Paging File | 94,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287,46 Gb Total Space | 186,23 Gb Free Space | 64,79% Space Free | Partition Type: NTFS Drive D: | 10,63 Gb Total Space | 1,79 Gb Free Space | 16,87% Space Free | Partition Type: NTFS Drive E: | 6,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\19EBA\lvvm.exe () PRC - C:\Users\***\AppData\Roaming\07519\A7087.exe () PRC - C:\Programme\LP\8730\38B.exe () PRC - C:\Programme\Lavasoft\Ad-Aware\AWSC.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\19EBA\lvvm.exe () MOD - C:\Users\***\AppData\Roaming\07519\A7087.exe () MOD - C:\Programme\LP\8730\38B.exe () ========== Win32 Services (SafeList) ========== SRV - (Norton Internet Security) -- File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe () SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe () SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe (Andrea Electronics Corporation) SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation) DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54869 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 19:56:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.10 10:21:48 | 000,000,000 | ---D | M] [2009.06.20 18:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.12.24 12:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d63zfvki.default\extensions [2010.10.08 14:57:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d63zfvki.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.19 21:58:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d63zfvki.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.25 15:26:30 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d63zfvki.default\extensions\personas@christopher.beard [2011.12.19 18:44:17 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\11-suche.xml [2011.12.19 18:44:17 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\englische-ergebnisse.xml [2011.12.19 18:44:17 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\gmx-suche.xml [2011.12.27 03:05:47 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-1.xml [2011.05.04 15:50:34 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-10.xml [2011.05.27 15:33:35 | 000,000,656 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-11.xml [2011.06.26 14:19:24 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-12.xml [2011.07.27 12:20:31 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-13.xml [2011.08.19 22:10:06 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-14.xml [2011.08.20 22:42:20 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-15.xml [2011.08.26 18:05:03 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-16.xml [2011.09.03 10:24:07 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-17.xml [2011.09.10 09:42:07 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-18.xml [2011.10.02 14:07:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-19.xml [2009.12.17 21:09:21 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-2.xml [2011.10.09 18:52:14 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-20.xml [2011.11.10 19:56:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-21.xml [2011.11.14 19:26:29 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-22.xml [2010.01.08 11:30:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-3.xml [2010.02.21 12:30:43 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-4.xml [2010.04.01 17:02:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-5.xml [2011.03.04 15:05:22 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-6.xml [2011.03.06 21:27:50 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-7.xml [2011.03.24 20:30:06 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-8.xml [2011.05.01 17:24:16 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin-9.xml [2011.12.18 13:29:14 | 000,000,168 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin.gif [2011.12.18 13:29:14 | 000,000,618 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin.src [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\icqplugin.xml [2011.12.19 18:44:17 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\lastminute.xml [2011.12.19 18:44:17 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\searchplugins\webde-suche.xml [2011.11.10 19:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.09.17 18:43:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D63ZFVKI.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2011.11.10 19:56:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 16:06:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 16:06:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.03 16:06:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 16:06:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 16:06:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 16:06:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [38B.exe] C:\Programme\LP\8730\38B.exe () O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [38B.exe] C:\Users\***\AppData\Roaming\Microsoft\8730\38B.exe () O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [dxpctf] C:\ProgramData\dxpctf.exe () O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [iexploer.exe] C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe () O4 - HKCU..\Run: [Microsoft® Windows Manager] C:\Users\***\M-1-25-5432-6437-5685\winmgr.exe () O4 - HKCU..\Run: [netctf] C:\Users\***\AppData\Roaming\netctf.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () F3 - HKCU WinNT: Load - (C:\Users\***\AppData\Roaming\19EBA\lvvm.exe) -C:\Users\***\AppData\Roaming\19EBA\lvvm.exe () O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.182 195.50.140.114 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2CDBAD0-CA5A-46D5-9D73-7BA248F4CE30}: DhcpNameServer = 195.50.140.182 195.50.140.114 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\07519\A7087.exe) -C:\Users\***\AppData\Roaming\07519\A7087.exe () O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.06.02 13:11:55 | 000,131,720 | R--- | M] (InstallShield Software Corporation) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.02.22 11:08:27 | 000,058,601 | R--- | M] () - E:\autorun.ico -- [ UDF ] O32 - AutoRun File - [2008.02.22 11:08:27 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2008.02.22 11:08:44 | 000,000,382 | R--- | M] () - E:\autorun.ini -- [ UDF ] O33 - MountPoints2\{63e1d61e-4d07-11de-b5c6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{63e1d61e-4d07-11de-b5c6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008.06.02 13:11:55 | 000,131,720 | R--- | M] (InstallShield Software Corporation) O33 - MountPoints2\{724ca32f-e5a7-11df-99f8-00238ba70873}\Shell - "" = AutoRun O33 - MountPoints2\{724ca32f-e5a7-11df-99f8-00238ba70873}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{a0e3ea5e-3183-11df-aa84-00238ba70873}\Shell - "" = AutoRun O33 - MountPoints2\{a0e3ea5e-3183-11df-aa84-00238ba70873}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{b903c519-6249-11de-90f6-00238ba70873}\Shell - "" = AutoRun O33 - MountPoints2\{b903c519-6249-11de-90f6-00238ba70873}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6C9BEB9E-8D33-12F7-FEE3-CBFDF515B385} - Browser Customizations ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F65D4887-FFC2-78CB-1EE7-2710D9F29D88} - Macromedia Shockwave Director 10.1 ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: CLMLServer for HP TouchSmart - hkey= - key= - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: DVDAgent - hkey= - key= - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) MsConfig - StartUpReg: SmartMenu - hkey= - key= - File not found MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - StartUpReg: TSMAgent - hkey= - key= - C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) MsConfig - StartUpReg: TVAgent - hkey= - key= - C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig - StartUpReg: UpdatePDIRShortCut - hkey= - key= - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.12.28 15:37:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.12.28 15:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\19EBA [2011.12.27 13:01:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ubisoft [2011.12.26 18:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2011.12.26 18:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\LP [2011.12.26 18:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft [2011.12.26 18:25:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield [2011.12.26 18:23:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\19EBA [2011.12.26 18:23:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\07519 [2011.12.25 22:21:51 | 000,000,000 | RHSD | C] -- C:\Users\***\M-1-25-5432-6437-5685 [2011.12.25 15:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2011.12.25 15:02:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sony Corporation [2011.12.25 14:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Content Transfer [2011.12.25 14:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2011.12.25 13:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WALKMAN Guide [2011.12.25 13:58:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations [2011.12.25 13:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.28 15:40:36 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.28 15:40:36 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.28 15:40:36 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.28 15:40:36 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.28 15:37:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.12.28 15:35:12 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011.12.28 15:35:12 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011.12.28 15:35:04 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.12.28 15:34:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.27 22:24:53 | 000,352,616 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2011.12.27 22:24:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.27 22:24:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.27 03:01:45 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB831F9B-525C-484F-9610-0C6131608B2D}.job [2011.12.26 18:53:13 | 000,067,072 | ---- | M] () -- C:\Users\***\AppData\Roaming\netctf.exe [2011.12.26 18:53:13 | 000,067,072 | ---- | M] () -- C:\ProgramData\dxpctf.exe [2011.12.26 18:28:04 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job [2011.12.26 18:27:09 | 000,290,816 | ---- | M] () -- C:\Users\***\AppData\Roaming\firefox.exe [2011.12.26 15:08:29 | 292,683,193 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.25 14:01:34 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Content Transfer.lnk [2011.12.25 13:59:21 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\NWZ-E450 WALKMAN Guide.lnk [2011.12.25 13:52:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2011.12.19 18:34:18 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job [2011.12.17 10:00:20 | 002,252,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.09 20:54:41 | 000,000,924 | ---- | M] () -- C:\Users\***\Desktop\Die Dunkle Bedrohung spielen.lnk [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.28 15:35:04 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.12.26 18:53:19 | 000,067,072 | ---- | C] () -- C:\Users\***\AppData\Roaming\netctf.exe [2011.12.26 18:53:19 | 000,067,072 | ---- | C] () -- C:\ProgramData\dxpctf.exe [2011.12.26 18:27:46 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\At1.job [2011.12.26 18:27:09 | 000,290,816 | ---- | C] () -- C:\Users\***\AppData\Roaming\firefox.exe [2011.12.25 14:01:34 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Content Transfer.lnk [2011.12.25 13:59:21 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\NWZ-E450 WALKMAN Guide.lnk [2011.12.25 13:52:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2011.12.09 20:54:41 | 000,000,924 | ---- | C] () -- C:\Users\***\Desktop\Die Dunkle Bedrohung spielen.lnk [2011.10.13 16:23:31 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.06.17 08:43:37 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.06.17 08:43:37 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.06.12 16:42:19 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011.05.22 18:12:18 | 000,000,120 | ---- | C] () -- C:\Users\***\AppData\Local\Ddumosubukaqi.dat [2011.05.22 18:12:18 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Llifefogufa.bin [2010.05.11 21:35:03 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.03.12 11:32:03 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.09.12 11:29:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.12 11:29:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.18 19:16:58 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2009.08.18 17:47:19 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2009.06.29 20:08:29 | 000,000,581 | ---- | C] () -- C:\Windows\eReg.dat [2009.06.15 20:07:26 | 000,023,552 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.10 02:58:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.01.23 11:38:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.01.23 11:34:59 | 000,617,456 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.01.23 11:34:59 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.01.23 11:34:59 | 000,122,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.01.23 11:34:59 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.01.23 04:54:18 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat [2008.12.31 13:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.12.31 12:55:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.10.30 10:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.10.21 13:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2008.10.21 13:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 002,252,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,586,568 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,100,640 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.12.18 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2011.12.27 03:18:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\07519 [2011.12.26 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\19EBA [2010.06.28 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook [2011.05.04 15:50:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2009.05.30 16:38:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\muvee Technologies [2010.02.18 21:58:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2009.11.14 19:53:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg [2011.05.03 20:15:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10 [2011.12.27 13:01:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2011.12.28 15:35:04 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.12.26 18:28:04 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\At1.job [2011.12.27 22:27:09 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.12.27 03:01:45 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CB831F9B-525C-484F-9610-0C6131608B2D}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.05.30 13:55:09 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.05.27 16:10:45 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2011.09.04 11:41:17 | 000,000,000 | -HSD | M] -- C:\boot [2011.10.26 15:04:05 | 000,000,000 | ---D | M] -- C:\Der Meisterdieb [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.05.30 13:48:21 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.05.30 13:50:19 | 000,000,000 | -H-D | M] -- C:\HP [2009.01.23 04:39:48 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.28 15:35:44 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.27 22:25:24 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.05.30 13:48:21 | 000,000,000 | -HSD | M] -- C:\Programme [2009.05.30 13:50:51 | 000,000,000 | ---D | M] -- C:\SWSetup [2011.12.27 05:06:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.05.30 13:50:51 | 000,000,000 | -H-D | M] -- C:\System.sav [2009.05.30 13:48:41 | 000,000,000 | R--D | M] -- C:\Users [2011.12.27 03:17:51 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.01.23 11:56:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys [2009.01.23 11:56:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys [2009.01.23 11:56:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys [2009.01.23 11:56:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.03.03 14:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\Windows\system32\drivers\vsdatant.sys [1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.12.28 15:55:51 | 002,621,440 | -HS- | M] () -- C:\Users\***\ntuser.dat [2011.12.28 15:55:51 | 000,262,144 | -H-- | M] () -- C:\Users\***\ntuser.dat.LOG1 [2009.05.30 13:48:42 | 000,000,000 | -H-- | M] () -- C:\Users\***\ntuser.dat.LOG2 [2011.05.26 21:28:37 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{0d2fbc09-7124-11e0-90de-00238ba70873}.TM.blf [2011.05.26 21:28:37 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{0d2fbc09-7124-11e0-90de-00238ba70873}.TMContainer00000000000000000001.regtrans-ms [2011.04.28 00:14:51 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{0d2fbc09-7124-11e0-90de-00238ba70873}.TMContainer00000000000000000002.regtrans-ms [2011.04.23 17:42:11 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.04.23 17:42:11 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.05.30 21:02:31 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.12.27 22:27:08 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{a36218f7-886b-11e0-8e19-00238ba70873}.TM.blf [2011.12.27 22:27:08 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{a36218f7-886b-11e0-8e19-00238ba70873}.TMContainer00000000000000000001.regtrans-ms [2011.05.27 23:48:12 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{a36218f7-886b-11e0-8e19-00238ba70873}.TMContainer00000000000000000002.regtrans-ms [2009.05.30 13:48:43 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.12.2011 15:47:36 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,42% Memory free
6,19 Gb Paging File | 5,87 Gb Available in Paging File | 94,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,46 Gb Total Space | 186,23 Gb Free Space | 64,79% Space Free | Partition Type: NTFS
Drive D: | 10,63 Gb Total Space | 1,79 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
Drive E: | 6,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C1FB282-B72D-4F82-A76F-8FA065446CA1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51BC1328-17F9-41B4-8364-9FF34D0C8558}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6EF29E65-C506-4778-B9E0-A981821DF6B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{164AAE03-379C-4E02-802F-F70728298380}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{1665F4BB-7B08-492C-9D59-AB96CF75350B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{170FCBDB-34CC-4CF7-8785-601E53B336C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{46C7D331-40DB-49FC-86B8-CF12B6933CA4}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4B28083F-0402-4D59-9F90-20B13FA61ADA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5B568EFA-3937-4827-BBA8-35BDBFFA3774}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{61460404-0C40-400F-9BE7-2AE8C74D30DC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{6BEAEB23-ECF4-4514-82F6-6E937945B3CA}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{6C4D1D60-F6EF-4CB1-8282-DE2DBE987E4F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{6FF88DCA-F100-47CE-9AF3-D70DD65D0FC2}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{847A25F3-5037-4F3C-90CB-3E670FD21139}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{8F707781-B175-4715-945B-BBB0458958A5}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{94C53CFE-F62D-4FCB-B7C9-555D31037BC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95968400-E246-4605-9E56-046453FCD383}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{95E3197A-207D-4E95-B20C-562A5B54DD20}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{99535468-2460-40EC-8B74-083EEAFCB102}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{A4256945-AE2A-4087-86D0-8D7200A519A8}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{AFC93C96-AA10-4B56-B033-1B56D96AFF79}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{B29840FF-554B-4321-A2A0-080B2AD1ECB3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{B3562B49-86C9-40EF-9826-63EFCC578FF2}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe |
"{B4AAF6CC-AD80-40BE-A4DE-F198EB7900F5}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{B8032C2C-AB3C-4646-AE8D-F45B57001A85}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{C169A3CD-BF6F-430A-AB2B-F453AC00DB4E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{DF8D54B5-F9F1-4F31-9D5B-CE15E9E3512A}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |
"{E2F656F5-0E63-428D-B459-C9349213881B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{F3C61C77-297B-4C18-852E-76840D5B7B7C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"TCP Query User{034F9432-C20E-4FA2-8EAD-75AB2EC4EC8D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{B33A01B3-7C75-4698-B8EC-B2F117503122}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{D64FF0A4-F9AB-48F4-A8FD-A1151AA8E013}C:\program files\hasbro interactive\rollercoaster tycoon\rct.icd" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.icd |
"UDP Query User{478A12B9-9628-4DD9-8696-D949E221E0E3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{52295190-A7B6-4524-910A-CE560EFDD137}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{917AFE62-C777-450E-A88A-BCC17CF13AFE}C:\program files\hasbro interactive\rollercoaster tycoon\rct.icd" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.icd |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A6C2811-AD29-473F-8086-F0B401276DEC}" = NWZ-E450 WALKMAN Guide
"{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}" = Catalyst Control Center Localization Greek
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}" = CCC Help Turkish
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EEF3E07-3971-5080-2A3F-910691DA1135}" = Catalyst Control Center Graphics Previews Vista
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}" = Catalyst Control Center Graphics Full New
"{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}" = CCC Help Thai
"{12C11B2C-00F3-AF06-94D4-1AAF70616507}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255C206B-4776-1D14-9EDD-2F9458847739}" = ccc-core-static
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34CFF761-7AD1-7C1A-4513-79B3E2F54290}" = CCC Help Greek
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}" = Catalyst Control Center Localization Chinese Standard
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}" = CCC Help Spanish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}" = Catalyst Control Center Localization Italian
"{46345EA6-1608-2E99-B47F-D83725A5C4D9}" = CCC Help Hungarian
"{46ACB9C1-6109-088B-931F-B7A5CE735504}" = CCC Help Italian
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{51B8CA01-3E68-9993-E6F3-7F8982A0F600}" = CCC Help Finnish
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{650A275F-75B8-B71E-4C9D-04E952A63E5F}" = Catalyst Control Center Graphics Previews Common
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6756A967-2904-DE46-3265-4BB80B934904}" = Catalyst Control Center Localization Chinese Traditional
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{735DAC68-3FF4-2895-83A2-DBF135AB9F44}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}" = Catalyst Control Center Localization German
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}" = CCC Help Chinese Traditional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}" = Catalyst Control Center Localization Hungarian
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}" = CCC Help French
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{99AF6670-F557-F4D3-3069-AE62DA675A70}" = Catalyst Control Center Localization French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88930B-A7E7-03E5-1313-BED90FCCF72C}" = CCC Help Swedish
"{9BB5EF11-1770-4F19-B698-D59E94989B3D}" = Ad-Aware
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F19486B-B187-5A51-189F-FCCEBBB70E2E}" = Catalyst Control Center Localization Dutch
"{A019B329-BFA8-3F59-6F80-6A3714104CE9}" = CCC Help English
"{A107F928-EED3-28FC-857F-ED33FEDBA02A}" = Catalyst Control Center Localization Korean
"{A15B2786-6F7E-0B96-A222-141202F9CECC}" = CCC Help Japanese
"{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}" = CCC Help Korean
"{A70C9DB4-84BC-4761-BB55-7A738BFA5432}" = Groove Agent One for Cubase 5
"{A7AC8E69-01FF-494E-9A2C-423B82CEA604}" = HP MediaSmart SmartMenu
"{A9359BA2-B496-8E14-EDA9-923DBE8913CB}" = Catalyst Control Center Localization Thai
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3D11644-94AB-17E7-D9CF-52EF943D9F52}" = Catalyst Control Center Localization Spanish
"{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}" = Catalyst Control Center Localization Japanese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}" = Catalyst Control Center Localization Swedish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}" = CCC Help Chinese Standard
"{C3BB5992-04BD-5A27-A8A5-5D976DF8E743}" = ATI Catalyst Install Manager
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}" = Catalyst Control Center Localization Polish
"{C7D02E19-07F2-8EE5-7C18-1617A656AF74}" = Catalyst Control Center Localization Turkish
"{C91CC841-7B39-9454-4A16-91C7FF300EC8}" = CCC Help Portuguese
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CAAAB039-95E4-6F1C-36CC-2E6005E2540D}" = ccc-utility
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}" = Catalyst Control Center Graphics Full Existing
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6EA6018-0F5B-E4CC-C930-990412BED306}" = Catalyst Control Center Localization Czech
"{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}" = Skins
"{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}" = CCC Help Czech
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DFC21203-E063-A351-8027-F5D43162539D}" = CCC Help Norwegian
"{E0FE7850-04F8-D01A-971F-C7B00F8D003A}" = Catalyst Control Center Localization Russian
"{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}" = Catalyst Control Center Core Implementation
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E651B083-2904-8342-5C27-39800B39E03B}" = CCC Help Polish
"{E6695454-03CD-146E-4A10-75FCB5AFE3FB}" = Catalyst Control Center Localization Finnish
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}" = CCC Help Russian
"{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}" = Catalyst Control Center Localization Norwegian
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F98DF01D-F1C3-3878-FCE6-F749729A8949}" = CCC Help Dutch
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDBA2850-0054-7733-527B-A6286D639345}" = Catalyst Control Center Localization Portuguese
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"AOL Toolbar" = AOL Toolbar 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LucasArts' The Phantom Menace" = LucasArts Die Dunkle Bedrohung
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
28.12.2011, 16:42
| #4 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" hi stimmt so :-) bitte *** im script durch nutzernamen ersetzen damit es funktioniert achtung! dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
F3 - HKCU WinNT: Load - (C:\Users\***\AppData\Roaming\19EBA\lvvm.exe) -C:\Users\***\AppData\Roaming\19EBA\lvvm.exe ()
O4 - HKCU..\Run: [netctf] C:\Users\***\AppData\Roaming\netctf.exe ()
O4 - HKCU..\Run: [Microsoft® Windows Manager] C:\Users\***\M-1-25-5432-6437-5685\winmgr.exe ()
O4 - HKCU..\Run: [iexploer.exe] C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe ()
O4 - HKCU..\Run: [dxpctf] C:\ProgramData\dxpctf.exe ()
O4 - HKCU..\Run: [38B.exe] C:\Users\***\AppData\Roaming\Microsoft\8730\38B.exe ()
O4 - HKLM..\Run: [38B.exe] C:\Programme\LP\8730\38B.exe ()
PRC - C:\Programme\19EBA\lvvm.exe ()
PRC - C:\Users\***\AppData\Roaming\07519\A7087.exe ()
PRC - C:\Programme\LP\8730\38B.exe ()
MOD - C:\Programme\19EBA\lvvm.exe ()
MOD - C:\Users\***\AppData\Roaming\07519\A7087.exe ()
MOD - C:\Programme\LP\8730\38B.exe ()
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\07519\A7087.exe) -C:\Users\***\AppData\Roaming\07519\A7087.exe ()
[2011.12.28 15:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\19EBA
[2011.12.26 18:23:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\19EBA
[2011.12.26 18:28:04 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.12.26 18:27:09 | 000,290,816 | ---- | M] () -- C:\Users\***\AppData\Roaming\firefox.exe
:Files
C:\Users\***\AppData\Roaming\19EBA
C:\Programme\LP
C:\Users\***\AppData\Roaming\07519
C:\Users\***\AppData\Roaming\netctf.exe
C:\Users\***\M-1-25-5432-6437-5685
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe
C:\ProgramData\dxpctf.exe
C:\Users\***\AppData\Roaming\Microsoft\8730
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne internet explorer, internet optionen verbindung, lan verbindung. eintrag bei proxy server und port löschen, haken bei proxy verwenden raus. übernehmen ok öffne firefox, öffne extras öffne einstellungen, erweitert, netzwerk verbindung. dann eintrag bei proxy löschen, keinen proxy verwenden wählen übernehmen ok öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.12.2011, 17:55
| #5 | |
| | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" Okay! =) Hier schonmal der Inhalt des Textdokuments: Code:
ATTFilter All processes killed
========== OTL ==========
File \Users\***\AppData\Roaming\19EBA\lvvm.exe) -C:\Users\***\AppData\Roaming\19EBA\lvvm.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\***\AppData\Roaming\19EBA\lvvm.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\netctf deleted successfully.
C:\Users\***\AppData\Roaming\netctf.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft® Windows Manager deleted successfully.
C:\Users\***\M-1-25-5432-6437-5685\winmgr.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iexploer.exe deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dxpctf deleted successfully.
C:\ProgramData\dxpctf.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\38B.exe deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\8730\38B.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\38B.exe deleted successfully.
C:\Programme\LP\8730\38B.exe moved successfully.
No active process named lvvm.exe was found!
No active process named A7087.exe was found!
No active process named 38B.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\***\AppData\Roaming\07519\A7087.exe deleted successfully.
File \Users\***\AppData\Roaming\07519\A7087.exe) -C:\Users\***\AppData\Roaming\07519\A7087.exe not found.
C:\Program Files\19EBA folder moved successfully.
C:\Users\***\AppData\Roaming\19EBA folder moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Users\***\AppData\Roaming\firefox.exe moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 284949 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 2158140529 bytes
->Temporary Internet Files folder emptied: 3348507415 bytes
->Java cache emptied: 612951 bytes
->FireFox cache emptied: 42814498 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 84582234 bytes
RecycleBin emptied: 26360282 bytes
Total Files Cleaned = 5.399,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12282011_172413
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Zum zweiten Teil: Bei dem Textdokument muss ich auch wieder den Namen verändern, oder? Zitat:
Das ist das gleiche, oder? Tschuldigung, aber ich frag lieber einmal zu oft nach, als dass ich es dann falsch mache.  Und noch was: Ich hab jezt wieder im normalen Modus hochgefahren. Ist das okay, oder muss ich im abgesicherten Modus bleiben? =) |
|
28.12.2011, 18:10
| #6 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" ja ist das gleiche, ja normaler modus ist ok :-)
__________________ --> "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" |
|
28.12.2011, 18:38
| #7 |
| | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" Okay, hab ich gemacht! =) |
|
28.12.2011, 19:15
| #8 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" man dankt. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.12.2011, 20:39
| #9 |
| | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" Voilà: Combofix Logfile: Code:
ATTFilter ComboFix 11-12-28.03 - *** 28.12.2011 20:17:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3068.1922 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\8730\3EB4.tmp
c:\program files\LP\8730\A006.tmp
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-28 ))))))))))))))))))))))))))))))
.
.
2011-12-28 19:25 . 2011-12-28 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-28 16:19 . 2011-12-28 17:28 -------- d-----w- C:\_OTL
2011-12-27 12:01 . 2011-12-27 12:01 -------- d-----w- c:\users\***\AppData\Roaming\Ubisoft
2011-12-26 17:53 . 2011-12-26 17:53 67072 ----a-w- c:\users\***\AppData\Roaming\Microsoft\8730\6316.exe
2011-12-26 17:43 . 2011-12-26 17:43 -------- d-----w- c:\programdata\Ubisoft
2011-12-26 17:26 . 2011-12-26 17:26 -------- d-----w- c:\program files\Ubisoft
2011-12-26 17:25 . 2011-12-26 17:25 -------- d-----w- c:\users\***\AppData\Roaming\InstallShield
2011-12-26 17:23 . 2011-12-26 17:23 103424 ----a-w- c:\users\***\AppData\Roaming\Microsoft\8730\3FB1.tmp
2011-12-26 17:23 . 2011-12-27 02:18 -------- d-----w- c:\users\***\AppData\Roaming\07519
2011-12-25 21:21 . 2011-12-28 16:24 -------- d-sh--r- c:\users\***\M-1-25-5432-6437-5685
2011-12-25 14:02 . 2011-12-25 14:02 -------- d-----w- c:\programdata\Sony Corporation
2011-12-25 14:02 . 2011-12-25 14:02 -------- d-----w- c:\users\***\AppData\Roaming\Sony Corporation
2011-12-25 13:01 . 2011-12-25 13:01 -------- d-----w- c:\program files\Common Files\Sony Shared
2011-12-25 12:58 . 2011-12-25 13:00 -------- d-----w- c:\users\***\AppData\Local\Downloaded Installations
2011-12-25 12:56 . 2011-12-25 13:01 -------- d-----w- c:\program files\Sony
2011-12-23 12:02 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{575A29D8-AC1B-4320-8140-D3388800E396}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 18:56 . 2011-05-28 10:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-10-26 450659]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2008-12-25 11:41 189736 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2008-11-28 16:04 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-11-18 09:57 966656 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 08:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-10-10 11:24 206128 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2008-11-18 17:35 914224 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-07-24 16:48 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]
2008-12-25 11:41 1316136 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]
2009-01-21 15:23 210216 ----a-r- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-11-14 20:02 218408 ------w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-10-30 10:51 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-11-26 10:34 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/10 04:01];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2008-06-27 77824]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-30 136360]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-19 c:\windows\Tasks\HPCeeScheduleFor***.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-23 10:34]
.
2011-12-28 c:\windows\Tasks\User_Feed_Synchronization-{CB831F9B-525C-484F-9610-0C6131608B2D}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:54869
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.50.140.182 195.50.140.114
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d63zfvki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q=
FF - prefs.js: network.proxy.type - 0
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-LucasArts' The Phantom Menace - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-28 20:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{03af562d-ebcf-4b08-80af-302bde44b202}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a00238b
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{214d804d-99b8-4d5b-a99f-875361ef55db}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f0016d3
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d2cdbad0-ca5a-46d5-9d73-7ba248f4ce30}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:100022fa
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-28 20:27:32
ComboFix-quarantined-files.txt 2011-12-28 19:27
.
Vor Suchlauf: 9 Verzeichnis(se), 201.977.675.776 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 201.911.574.528 Bytes frei
.
- - End Of File - - 194AE69B29470AD49D9AF39A83B033E1
|
|
28.12.2011, 20:48
| #10 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan lösche nichts, nur log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.12.2011, 15:21
| #11 |
| | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" Ich hoffe es stimmt so. =) Code:
ATTFilter 15:15:27.0314 3916 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:15:29.0155 3916 ============================================================
15:15:29.0155 3916 Current date / time: 2011/12/29 15:15:29.0155
15:15:29.0155 3916 SystemInfo:
15:15:29.0155 3916
15:15:29.0155 3916 OS Version: 6.0.6002 ServicePack: 2.0
15:15:29.0155 3916 Product type: Workstation
15:15:29.0155 3916 ComputerName: ***-PC
15:15:29.0155 3916 UserName: ***
15:15:29.0155 3916 Windows directory: C:\Windows
15:15:29.0155 3916 System windows directory: C:\Windows
15:15:29.0155 3916 Processor architecture: Intel x86
15:15:29.0155 3916 Number of processors: 2
15:15:29.0155 3916 Page size: 0x1000
15:15:29.0155 3916 Boot type: Normal boot
15:15:29.0155 3916 ============================================================
15:15:30.0543 3916 Initialize success
15:16:59.0571 6084 ============================================================
15:16:59.0571 6084 Scan started
15:16:59.0571 6084 Mode: Manual; SigCheck; TDLFS;
15:16:59.0571 6084 ============================================================
15:17:00.0632 6084 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
15:17:00.0726 6084 Accelerometer - ok
15:17:00.0788 6084 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:17:00.0819 6084 ACPI - ok
15:17:01.0022 6084 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:17:01.0084 6084 adp94xx - ok
15:17:01.0225 6084 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:17:01.0240 6084 adpahci - ok
15:17:01.0443 6084 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:17:01.0459 6084 adpu160m - ok
15:17:01.0568 6084 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:17:01.0599 6084 adpu320 - ok
15:17:01.0740 6084 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:17:01.0818 6084 AFD - ok
15:17:02.0208 6084 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:17:02.0239 6084 agp440 - ok
15:17:02.0301 6084 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:17:02.0317 6084 aic78xx - ok
15:17:02.0364 6084 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
15:17:02.0379 6084 aliide - ok
15:17:02.0473 6084 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:17:02.0488 6084 amdagp - ok
15:17:02.0488 6084 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
15:17:02.0504 6084 amdide - ok
15:17:02.0535 6084 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:17:02.0582 6084 AmdK7 - ok
15:17:02.0691 6084 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:17:02.0722 6084 AmdK8 - ok
15:17:02.0863 6084 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:17:02.0878 6084 arc - ok
15:17:02.0925 6084 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:17:02.0941 6084 arcsas - ok
15:17:03.0034 6084 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:17:03.0081 6084 AsyncMac - ok
15:17:03.0128 6084 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:17:03.0144 6084 atapi - ok
15:17:03.0705 6084 atikmdag (96f5eea88f9146f5f803ad20c4264565) C:\Windows\system32\DRIVERS\atikmdag.sys
15:17:03.0955 6084 atikmdag - ok
15:17:04.0048 6084 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:17:04.0064 6084 avgio - ok
15:17:04.0189 6084 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
15:17:04.0236 6084 avgntflt - ok
15:17:04.0282 6084 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
15:17:04.0298 6084 avipbb - ok
15:17:04.0438 6084 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:17:04.0454 6084 Beep - ok
15:17:04.0516 6084 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:17:04.0563 6084 blbdrive - ok
15:17:04.0688 6084 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:17:04.0766 6084 bowser - ok
15:17:04.0860 6084 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:17:04.0906 6084 BrFiltLo - ok
15:17:04.0984 6084 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:17:05.0031 6084 BrFiltUp - ok
15:17:05.0109 6084 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:17:05.0265 6084 Brserid - ok
15:17:05.0406 6084 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:17:05.0468 6084 BrSerWdm - ok
15:17:05.0515 6084 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:17:05.0577 6084 BrUsbMdm - ok
15:17:05.0686 6084 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:17:05.0749 6084 BrUsbSer - ok
15:17:05.0796 6084 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:17:05.0874 6084 BTHMODEM - ok
15:17:05.0967 6084 catchme - ok
15:17:06.0045 6084 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:17:06.0092 6084 cdfs - ok
15:17:06.0201 6084 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:17:06.0248 6084 cdrom - ok
15:17:06.0342 6084 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
15:17:06.0388 6084 circlass - ok
15:17:06.0544 6084 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:17:06.0576 6084 CLFS - ok
15:17:06.0669 6084 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:17:06.0732 6084 CmBatt - ok
15:17:06.0763 6084 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
15:17:06.0778 6084 cmdide - ok
15:17:06.0872 6084 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:17:06.0888 6084 Compbatt - ok
15:17:06.0919 6084 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:17:06.0919 6084 crcdisk - ok
15:17:06.0934 6084 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:17:06.0997 6084 Crusoe - ok
15:17:07.0137 6084 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:17:07.0184 6084 DfsC - ok
15:17:07.0324 6084 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:17:07.0340 6084 disk - ok
15:17:07.0418 6084 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:17:07.0465 6084 drmkaud - ok
15:17:07.0590 6084 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
15:17:07.0652 6084 DXGKrnl - ok
15:17:07.0777 6084 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:17:07.0839 6084 E1G60 - ok
15:17:07.0917 6084 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:17:07.0948 6084 Ecache - ok
15:17:08.0073 6084 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:17:08.0136 6084 elxstor - ok
15:17:08.0229 6084 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys
15:17:08.0292 6084 enecir - ok
15:17:08.0401 6084 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:17:08.0432 6084 ErrDev - ok
15:17:08.0494 6084 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:17:08.0541 6084 exfat - ok
15:17:08.0635 6084 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:17:08.0682 6084 fastfat - ok
15:17:08.0713 6084 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:17:08.0791 6084 fdc - ok
15:17:08.0900 6084 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:17:08.0916 6084 FileInfo - ok
15:17:08.0947 6084 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:17:08.0978 6084 Filetrace - ok
15:17:09.0087 6084 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:17:09.0150 6084 flpydisk - ok
15:17:09.0228 6084 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:17:09.0259 6084 FltMgr - ok
15:17:09.0337 6084 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:17:09.0384 6084 Fs_Rec - ok
15:17:09.0415 6084 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:17:09.0430 6084 gagp30kx - ok
15:17:09.0586 6084 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
15:17:09.0649 6084 HdAudAddService - ok
15:17:09.0789 6084 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:17:09.0852 6084 HDAudBus - ok
15:17:09.0914 6084 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:17:10.0008 6084 HidBth - ok
15:17:10.0101 6084 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
15:17:10.0148 6084 HidIr - ok
15:17:10.0210 6084 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:17:10.0273 6084 HidUsb - ok
15:17:10.0382 6084 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:17:10.0382 6084 HpCISSs - ok
15:17:10.0429 6084 hpdskflt (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
15:17:10.0444 6084 hpdskflt - ok
15:17:10.0476 6084 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
15:17:10.0538 6084 HpqKbFiltr - ok
15:17:10.0632 6084 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:17:10.0725 6084 HTTP - ok
15:17:10.0803 6084 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:17:10.0819 6084 i2omp - ok
15:17:10.0881 6084 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:17:10.0928 6084 i8042prt - ok
15:17:11.0022 6084 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:17:11.0037 6084 iaStorV - ok
15:17:11.0100 6084 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:17:11.0115 6084 iirsp - ok
15:17:11.0178 6084 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
15:17:11.0193 6084 intelide - ok
15:17:11.0224 6084 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:17:11.0271 6084 intelppm - ok
15:17:11.0380 6084 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:17:11.0443 6084 IpFilterDriver - ok
15:17:11.0443 6084 IpInIp - ok
15:17:11.0474 6084 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:17:11.0505 6084 IPMIDRV - ok
15:17:11.0536 6084 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:17:11.0568 6084 IPNAT - ok
15:17:11.0646 6084 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:17:11.0677 6084 IRENUM - ok
15:17:11.0692 6084 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:17:11.0708 6084 isapnp - ok
15:17:11.0770 6084 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:17:11.0786 6084 iScsiPrt - ok
15:17:11.0817 6084 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:17:11.0833 6084 iteatapi - ok
15:17:11.0926 6084 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:17:11.0926 6084 iteraid - ok
15:17:11.0973 6084 JMCR (ab772e9cc29c29f59cb4b75f9d6f3f96) C:\Windows\system32\DRIVERS\jmcr.sys
15:17:12.0004 6084 JMCR - ok
15:17:12.0098 6084 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:17:12.0114 6084 kbdclass - ok
15:17:12.0176 6084 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:17:12.0207 6084 kbdhid - ok
15:17:12.0332 6084 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
15:17:12.0410 6084 KSecDD - ok
15:17:12.0519 6084 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
15:17:12.0535 6084 Lavasoft Kernexplorer - ok
15:17:12.0675 6084 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
15:17:12.0691 6084 Lbd - ok
15:17:12.0722 6084 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:17:12.0769 6084 lltdio - ok
15:17:12.0894 6084 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:17:12.0909 6084 LSI_FC - ok
15:17:12.0909 6084 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:17:12.0925 6084 LSI_SAS - ok
15:17:12.0940 6084 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:17:12.0956 6084 LSI_SCSI - ok
15:17:12.0972 6084 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:17:13.0003 6084 luafv - ok
15:17:13.0050 6084 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:17:13.0065 6084 megasas - ok
15:17:13.0096 6084 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:17:13.0143 6084 MegaSR - ok
15:17:13.0237 6084 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:17:13.0299 6084 Modem - ok
15:17:13.0346 6084 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:17:13.0393 6084 monitor - ok
15:17:13.0424 6084 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:17:13.0440 6084 mouclass - ok
15:17:13.0518 6084 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:17:13.0533 6084 mouhid - ok
15:17:13.0549 6084 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:17:13.0564 6084 MountMgr - ok
15:17:13.0580 6084 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:17:13.0596 6084 mpio - ok
15:17:13.0627 6084 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:17:13.0674 6084 mpsdrv - ok
15:17:13.0767 6084 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:17:13.0798 6084 Mraid35x - ok
15:17:13.0845 6084 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:17:13.0923 6084 MRxDAV - ok
15:17:14.0017 6084 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:17:14.0048 6084 mrxsmb - ok
15:17:14.0095 6084 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:17:14.0126 6084 mrxsmb10 - ok
15:17:14.0235 6084 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:17:14.0282 6084 mrxsmb20 - ok
15:17:14.0360 6084 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:17:14.0376 6084 msahci - ok
15:17:14.0469 6084 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:17:14.0485 6084 msdsm - ok
15:17:14.0500 6084 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:17:14.0547 6084 Msfs - ok
15:17:14.0610 6084 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:17:14.0625 6084 msisadrv - ok
15:17:14.0703 6084 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:17:14.0750 6084 MSKSSRV - ok
15:17:14.0844 6084 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:17:14.0875 6084 MSPCLOCK - ok
15:17:14.0937 6084 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:17:15.0000 6084 MSPQM - ok
15:17:15.0031 6084 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:17:15.0046 6084 MsRPC - ok
15:17:15.0140 6084 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:17:15.0140 6084 mssmbios - ok
15:17:15.0171 6084 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:17:15.0218 6084 MSTEE - ok
15:17:15.0249 6084 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:17:15.0265 6084 Mup - ok
15:17:15.0374 6084 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:17:15.0405 6084 NativeWifiP - ok
15:17:15.0436 6084 NAVENG - ok
15:17:15.0452 6084 NAVEX15 - ok
15:17:15.0561 6084 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:17:15.0577 6084 NDIS - ok
15:17:15.0624 6084 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:17:15.0670 6084 NdisTapi - ok
15:17:15.0748 6084 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:17:15.0780 6084 Ndisuio - ok
15:17:15.0826 6084 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:17:15.0889 6084 NdisWan - ok
15:17:15.0936 6084 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:17:15.0967 6084 NDProxy - ok
15:17:16.0029 6084 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:17:16.0076 6084 NetBIOS - ok
15:17:16.0138 6084 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:17:16.0185 6084 netbt - ok
15:17:16.0357 6084 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
15:17:16.0513 6084 NETw3v32 - ok
15:17:16.0731 6084 NETw5v32 (ba420e8ebfcad35581fe8e4c64f71469) C:\Windows\system32\DRIVERS\NETw5v32.sys
15:17:17.0277 6084 NETw5v32 - ok
15:17:17.0418 6084 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:17:17.0433 6084 nfrd960 - ok
15:17:17.0574 6084 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:17:17.0620 6084 Npfs - ok
15:17:17.0667 6084 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:17:17.0714 6084 nsiproxy - ok
15:17:17.0854 6084 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:17:17.0901 6084 Ntfs - ok
15:17:17.0948 6084 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:17:17.0995 6084 ntrigdigi - ok
15:17:18.0073 6084 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:17:18.0104 6084 Null - ok
15:17:18.0120 6084 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:17:18.0135 6084 nvraid - ok
15:17:18.0166 6084 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:17:18.0182 6084 nvstor - ok
15:17:18.0198 6084 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:17:18.0213 6084 nv_agp - ok
15:17:18.0229 6084 NwlnkFlt - ok
15:17:18.0244 6084 NwlnkFwd - ok
15:17:18.0369 6084 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
15:17:18.0416 6084 ohci1394 - ok
15:17:18.0463 6084 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:17:18.0525 6084 Parport - ok
15:17:18.0634 6084 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:17:18.0650 6084 partmgr - ok
15:17:18.0681 6084 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:17:18.0744 6084 Parvdm - ok
15:17:18.0868 6084 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:17:18.0884 6084 pci - ok
15:17:18.0931 6084 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
15:17:18.0946 6084 pciide - ok
15:17:19.0024 6084 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:17:19.0040 6084 pcmcia - ok
15:17:19.0102 6084 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:17:19.0180 6084 PEAUTH - ok
15:17:19.0305 6084 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:17:19.0368 6084 PptpMiniport - ok
15:17:19.0383 6084 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:17:19.0414 6084 Processor - ok
15:17:19.0492 6084 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:17:19.0539 6084 PSched - ok
15:17:19.0648 6084 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:17:19.0773 6084 ql2300 - ok
15:17:19.0882 6084 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:17:19.0898 6084 ql40xx - ok
15:17:19.0992 6084 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:17:20.0054 6084 QWAVEdrv - ok
15:17:20.0148 6084 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:17:20.0194 6084 RasAcd - ok
15:17:20.0241 6084 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:17:20.0272 6084 Rasl2tp - ok
15:17:20.0319 6084 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:17:20.0366 6084 RasPppoe - ok
15:17:20.0818 6084 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:17:20.0850 6084 RasSstp - ok
15:17:20.0974 6084 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:17:21.0006 6084 rdbss - ok
15:17:21.0037 6084 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:17:21.0084 6084 RDPCDD - ok
15:17:21.0146 6084 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:17:21.0193 6084 rdpdr - ok
15:17:21.0240 6084 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:17:21.0271 6084 RDPENCDD - ok
15:17:21.0333 6084 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:17:21.0380 6084 RDPWD - ok
15:17:21.0505 6084 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:17:21.0536 6084 rspndr - ok
15:17:21.0583 6084 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
15:17:21.0645 6084 RTL8169 - ok
15:17:21.0739 6084 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:17:21.0754 6084 sbp2port - ok
15:17:21.0786 6084 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
15:17:21.0832 6084 sdbus - ok
15:17:21.0864 6084 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:17:21.0910 6084 secdrv - ok
15:17:22.0020 6084 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:17:22.0066 6084 Serenum - ok
15:17:22.0082 6084 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:17:22.0160 6084 Serial - ok
15:17:22.0191 6084 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:17:22.0238 6084 sermouse - ok
15:17:22.0347 6084 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:17:22.0378 6084 sffdisk - ok
15:17:22.0394 6084 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:17:22.0456 6084 sffp_mmc - ok
15:17:22.0488 6084 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:17:22.0534 6084 sffp_sd - ok
15:17:22.0628 6084 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:17:22.0690 6084 sfloppy - ok
15:17:22.0722 6084 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:17:22.0722 6084 sisagp - ok
15:17:22.0753 6084 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:17:22.0768 6084 SiSRaid2 - ok
15:17:22.0784 6084 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:17:22.0800 6084 SiSRaid4 - ok
15:17:22.0893 6084 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:17:22.0909 6084 Smb - ok
15:17:22.0956 6084 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:17:22.0971 6084 spldr - ok
15:17:22.0987 6084 SRTSP - ok
15:17:23.0002 6084 SRTSPX - ok
15:17:23.0049 6084 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:17:23.0080 6084 srv - ok
15:17:23.0205 6084 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:17:23.0236 6084 srv2 - ok
15:17:23.0283 6084 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:17:23.0330 6084 srvnet - ok
15:17:23.0424 6084 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:17:23.0439 6084 ssmdrv - ok
15:17:23.0502 6084 STHDA (84c78b53838bdec2b0853adc782cd5de) C:\Windows\system32\DRIVERS\stwrt.sys
15:17:23.0580 6084 STHDA - ok
15:17:23.0673 6084 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:17:23.0689 6084 swenum - ok
15:17:23.0704 6084 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:17:23.0720 6084 Symc8xx - ok
15:17:23.0736 6084 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:17:23.0751 6084 Sym_hi - ok
15:17:23.0767 6084 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:17:23.0767 6084 Sym_u3 - ok
15:17:23.0876 6084 SynTP (a94629c2c456a6d002556563d6b8ad1a) C:\Windows\system32\DRIVERS\SynTP.sys
15:17:23.0907 6084 SynTP - ok
15:17:23.0985 6084 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:17:24.0032 6084 Tcpip - ok
15:17:24.0126 6084 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:17:24.0157 6084 Tcpip6 - ok
15:17:24.0219 6084 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:17:24.0282 6084 tcpipreg - ok
15:17:24.0328 6084 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:17:24.0360 6084 TDPIPE - ok
15:17:24.0438 6084 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:17:24.0469 6084 TDTCP - ok
15:17:24.0516 6084 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:17:24.0547 6084 tdx - ok
15:17:24.0609 6084 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:17:24.0625 6084 TermDD - ok
15:17:24.0750 6084 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:17:24.0765 6084 tssecsrv - ok
15:17:24.0812 6084 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:17:24.0874 6084 tunnel - ok
15:17:24.0968 6084 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:17:24.0984 6084 uagp35 - ok
15:17:25.0030 6084 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:17:25.0062 6084 udfs - ok
15:17:25.0093 6084 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:17:25.0108 6084 uliagpkx - ok
15:17:25.0202 6084 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:17:25.0218 6084 uliahci - ok
15:17:25.0249 6084 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:17:25.0264 6084 UlSata - ok
15:17:25.0264 6084 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:17:25.0280 6084 ulsata2 - ok
15:17:25.0311 6084 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:17:25.0358 6084 umbus - ok
15:17:25.0467 6084 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:17:25.0514 6084 usbccgp - ok
15:17:25.0561 6084 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:17:25.0639 6084 usbcir - ok
15:17:25.0779 6084 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:17:25.0810 6084 usbehci - ok
15:17:25.0826 6084 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:17:25.0873 6084 usbhub - ok
15:17:25.0920 6084 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:17:25.0966 6084 usbohci - ok
15:17:26.0044 6084 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
15:17:26.0091 6084 usbprint - ok
15:17:26.0138 6084 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:17:26.0185 6084 USBSTOR - ok
15:17:26.0232 6084 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:17:26.0263 6084 usbuhci - ok
15:17:26.0341 6084 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:17:26.0403 6084 usbvideo - ok
15:17:26.0497 6084 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:17:26.0544 6084 vga - ok
15:17:26.0622 6084 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:17:26.0668 6084 VgaSave - ok
15:17:26.0731 6084 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:17:26.0762 6084 viaagp - ok
15:17:26.0840 6084 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:17:26.0887 6084 ViaC7 - ok
15:17:26.0934 6084 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
15:17:26.0949 6084 viaide - ok
15:17:27.0012 6084 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:17:27.0027 6084 volmgr - ok
15:17:27.0074 6084 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:17:27.0090 6084 volmgrx - ok
15:17:27.0183 6084 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:17:27.0199 6084 volsnap - ok
15:17:27.0277 6084 Vsdatant (c8f5455f43977580d489ce31178f4166) C:\Windows\system32\DRIVERS\vsdatant.sys
15:17:27.0292 6084 Vsdatant - ok
15:17:27.0386 6084 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:17:27.0417 6084 vsmraid - ok
15:17:27.0464 6084 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:17:27.0526 6084 WacomPen - ok
15:17:27.0620 6084 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:17:27.0651 6084 Wanarp - ok
15:17:27.0651 6084 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:17:27.0682 6084 Wanarpv6 - ok
15:17:27.0714 6084 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:17:27.0729 6084 Wd - ok
15:17:27.0760 6084 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:17:27.0792 6084 Wdf01000 - ok
15:17:27.0901 6084 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:17:27.0932 6084 WmiAcpi - ok
15:17:28.0010 6084 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
15:17:28.0072 6084 WpdUsb - ok
15:17:28.0166 6084 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:17:28.0197 6084 ws2ifsl - ok
15:17:28.0260 6084 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:17:28.0275 6084 WUDFRd - ok
15:17:28.0400 6084 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
15:17:28.0478 6084 yukonwlh - ok
15:17:28.0572 6084 {55662437-DA8C-40c0-AADA-2C816A897A49} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
15:17:28.0587 6084 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
15:17:28.0603 6084 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
15:17:29.0461 6084 \Device\Harddisk0\DR0 - ok
15:17:29.0492 6084 Boot (0x1200) (0715e651a19a54fa7561e489a309d7d9) \Device\Harddisk0\DR0\Partition0
15:17:29.0492 6084 \Device\Harddisk0\DR0\Partition0 - ok
15:17:29.0523 6084 Boot (0x1200) (7e54eec1878cb440ec555748a5e4885b) \Device\Harddisk0\DR0\Partition1
15:17:29.0539 6084 \Device\Harddisk0\DR0\Partition1 - ok
15:17:29.0539 6084 ============================================================
15:17:29.0539 6084 Scan finished
15:17:29.0539 6084 ============================================================
15:17:29.0554 4120 Detected object count: 0
15:17:29.0554 4120 Actual detected object count: 0
|
|
29.12.2011, 15:57
| #12 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" passt. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
30.12.2011, 02:33
| #13 |
| | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" Voilà: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2011.12.29.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19170 *** :: ***-PC [Administrator] 29.12.2011 16:08:03 mbam-log-2011-12-29 (16-08-03).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 389096 Laufzeit: 1 Stunde(n), 38 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\***\M-1-25-5432-6437-5685 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 15 C:\Users\***\AppData\Roaming\07519\A7087.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\07519\BB2D5.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\Microsoft\8730\3FB1.tmp (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\Microsoft\8730\6316.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\Downloads\IMG28057850.JPEG.scr (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\Downloads\installer_divx_web_player_1_2_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\12282011_172413\C_Program Files\19EBA\lvvm.exe (Trojan.Downloader.BH) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\12282011_172413\C_ProgramData\dxpctf.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\12282011_172413\C_Programme\LP\8730\38B.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\12282011_172413\C_Users\user\AppData\Roaming\firefox.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\12282011_172413\C_Users\user\AppData\Roaming\netctf.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\12282011_172413\C_Users\user\AppData\Roaming\19EBA\lvvm.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\12282011_172413\C_Users\user\AppData\Roaming\Microsoft\8730\38B.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\12282011_172413\C_Users\user\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe (Trojan.Agent.BH) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\12282011_172413\C_Users\user\M-1-25-5432-6437-5685\winmgr.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
30.12.2011, 13:38
| #14 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" lad mal bitte hitmanpro http://www.trojaner-board.de/99424-c...o-scannen.html doppelklicken, settings testlicense. dann scannen, funde in quarantäne, log als xml datei exportieren und anhängen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
30.12.2011, 15:28
| #15 |
| | "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" Bitteschön: |
|
| Themen zu "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert" |
| ahnung, andere, aus sicherheitsgründen wurde ihr windowssystem blockiert, bezahlen, bildschirm, bildschirm schwarz, blockiert, daten, entferne, entfernen, erscheint, fenster, hoffe, laptop, lieben, problem, schonmal, schwarz, sichere, unwissende, unwissenden, verloren, vista, windows, windows vista, windowssystem blockiert, wirklich, wurde ihr |
Hybrid-Darstellung
