| |
| |||||||
Log-Analyse und Auswertung: Windows System aus Sicherheitsgründen blockiert...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
10.01.2012, 01:41
| #1 |
 |  Windows System aus Sicherheitsgründen blockiert... Hallo Leute, habe ebenfalls das Problem mit diesem Virus, wodurch mir die Meldung angezeigt wird, dass das Windows System aus Sicherheitsgründen blockiert wurde und ich einen Geldbetrag zahlen soll... Habe mich hier ein bisschen erkundigt und Malwarebytes heruntergeladen. Danach habe ich einen Vollscan durchgeführt und die entdeckten Viren entfernen lassen. Hier das logfile danach: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.09.08 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 tim :: TIM-PC [Administrator] 10.01.2012 00:39:57 mbam-log-2012-01-10 (00-39-57).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 301930 Laufzeit: 34 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{D6C860ED-A7BC-11DE-8A4B-806E6F6E6963} (Trojan.Ransom) -> Daten: C:\Users\tim\AppData\Roaming\Microsoft\loadhst.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\tim\AppData\Roaming\Microsoft\loadhst.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
10.01.2012, 12:46
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows System aus Sicherheitsgründen blockiert... Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
__________________Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
|
10.01.2012, 14:53
| #3 |
| | Windows System aus Sicherheitsgründen blockiert... Hi, hat dann doch etwas länger gedauert...
__________________Also, habe bisher noch nie mit Malwarebytes gescannt, wurde frisch heruntergeladen, das da oben ist auch die einzige Logdatei. Hier nun noch der ESET-Scan, Laptop funktioniert übrigens wieder im "normalen Modus"... Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e29a9df85f738442ae913e66394c55a7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-10 01:38:02
# local_time=2012-01-10 02:38:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 55674 62733532 84112 0
# compatibility_mode=5121 16776573 100 96 56584194 78559059 0 0
# compatibility_mode=5893 16776574 66 85 4497383 77827902 0 0
# compatibility_mode=8192 67108863 100 0 44861 44861 0 0
# scanned=127666
# found=0
# cleaned=0
# scan_time=5971
|
|
10.01.2012, 16:25
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows System aus Sicherheitsgründen blockiert... Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.01.2012, 17:12
| #5 |
| | Windows System aus Sicherheitsgründen blockiert... Hier das Ergebnis Code:
ATTFilter OTL logfile created on: 1/10/2012 4:47:56 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\tim\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.97 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 61.38% Memory free 5.93 Gb Paging File | 4.74 Gb Available in Paging File | 80.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 141.49 Gb Total Space | 96.33 Gb Free Space | 68.08% Space Free | Partition Type: NTFS Drive D: | 141.50 Gb Total Space | 131.61 Gb Free Space | 93.01% Space Free | Partition Type: NTFS Computer Name: TIM-PC | User Name: tim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/01/10 00:06:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2011/06/29 09:31:00 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/06/18 18:57:54 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe PRC - [2011/04/28 01:50:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/04/07 21:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011/01/10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/04/16 13:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE PRC - [2010/02/01 22:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2010/02/01 22:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee.com\agent\mcagent.exe PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe PRC - [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe PRC - [2009/09/08 00:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/09/07 11:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/08/23 05:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/08/06 08:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/07/27 03:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe PRC - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE PRC - [2008/01/16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/01/26 00:42:08 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll MOD - [2010/04/16 13:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE MOD - [2010/04/16 13:11:02 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll MOD - [2010/03/14 23:51:49 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2010/01/03 22:46:18 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2011/06/29 09:31:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/28 16:25:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/04/28 01:50:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/08/01 08:26:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service) SRV - [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe -- (McODS) SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield) SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon) SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy) SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc) SRV - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2008/01/16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV - [2011/06/29 09:31:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/06/29 09:31:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/06/17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/09/21 16:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\serial.sys -- (Serial) DRV - [2009/04/09 06:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/20 10:12:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 16:53:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/19 12:10:31 | 000,000,000 | ---D | M] [2009/11/29 18:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\Extensions [2011/09/17 16:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions [2010/12/29 00:21:35 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2010/10/11 14:28:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012/01/08 18:30:14 | 000,000,961 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin-1.xml [2010/10/11 14:28:55 | 000,000,168 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.gif [2010/10/11 14:28:55 | 000,000,618 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.src [2010/12/24 12:02:49 | 000,001,069 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.xml [2011/03/02 14:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/03/02 14:02:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/03/02 14:01:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/12/26 16:53:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/12/26 16:53:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/12/26 16:53:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/08/16 12:29:44 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2010/12/26 16:53:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/12/26 16:53:01 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: SiteAdvisor = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\ O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll () O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.) O4 - HKCU..\Run: [Mozilla Firefox] C:\Users\tim\AppData\Roaming\Mozilla\Firefox\firefox.exe File not found O4 - Startup: C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4721886E-7EB6-486F-8E74-2C23884CAC7B}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.) SafeBootNet: Messenger - Service SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/01/10 01:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/01/10 00:28:55 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\Malwarebytes [2012/01/10 00:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/10 00:28:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/01/10 00:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/01/10 00:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/01/10 00:27:51 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\tim\Desktop\mbam-setup-1.60.0.1800.exe [2012/01/10 00:05:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe [2011/12/17 14:41:33 | 000,000,000 | ---D | C] -- C:\Users\tim\Desktop\ebayshop ========== Files - Modified Within 30 Days ========== [2012/01/10 16:12:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/01/10 12:44:45 | 000,700,836 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/01/10 12:44:45 | 000,653,898 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/01/10 12:44:45 | 000,149,920 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/01/10 12:44:45 | 000,121,090 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/01/10 12:44:00 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/10 12:44:00 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/10 12:42:02 | 000,030,639 | ---- | M] () -- C:\windows\System32\Config.MPF [2012/01/10 12:41:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/01/10 03:09:41 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/01/10 03:08:54 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2012/01/10 00:28:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/01/10 00:28:36 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\tim\Desktop\mbam-setup-1.60.0.1800.exe [2012/01/10 00:06:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe [2012/01/09 22:06:33 | 000,018,484 | ---- | M] () -- C:\Users\tim\Desktop\Homepage.odt [2012/01/08 19:12:15 | 000,000,432 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for tim.job [2012/01/07 04:15:17 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/01/01 15:25:14 | 000,000,348 | ---- | M] () -- C:\windows\tasks\McQcTask.job [2011/12/24 12:20:14 | 000,432,424 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2011/12/15 01:00:00 | 000,000,368 | ---- | M] () -- C:\windows\tasks\McDefragTask.job ========== Files Created - No Company Name ========== [2012/01/10 00:28:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/01/09 22:06:31 | 000,018,484 | ---- | C] () -- C:\Users\tim\Desktop\Homepage.odt [2011/04/18 13:38:48 | 000,151,080 | -H-- | C] () -- C:\windows\System32\mlfcache.dat [2010/12/03 17:53:03 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2010/02/27 20:40:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/02/20 12:53:23 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll [2009/12/21 22:57:54 | 000,000,116 | ---- | C] () -- C:\windows\System32\applet.ini [2009/10/24 13:51:15 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2009/10/24 13:35:10 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/09/22 23:05:23 | 000,700,836 | ---- | C] () -- C:\windows\System32\perfh007.dat [2009/09/22 23:05:23 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/09/22 23:05:23 | 000,149,920 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/09/22 23:05:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/09/22 06:45:54 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2009/09/22 06:21:26 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 05:33:53 | 000,432,424 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,653,898 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,121,090 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat ========== LOP Check ========== [2010/01/27 19:50:02 | 000,000,000 | -HSD | M] -- C:\Users\tim\AppData\Roaming\.# [2011/09/26 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\.minecraft [2010/06/10 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Canon [2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FileZilla [2009/11/01 00:03:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FUJIFILM [2010/01/27 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GameConsole [2010/12/03 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GetRightToGo [2010/01/24 03:49:11 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Go Go Gourmet [2011/12/18 00:58:04 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\ICQ [2010/05/13 07:10:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient [2010/02/27 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2010/03/14 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\OpenOffice.org [2010/07/16 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Opera [2010/02/16 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\PlayFirst [2009/12/21 22:58:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\QIP [2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\TS3Client [2010/04/24 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Windows Live Writer [2011/12/15 01:00:00 | 000,000,368 | ---- | M] () -- C:\windows\Tasks\McDefragTask.job [2012/01/01 15:25:14 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\McQcTask.job [2010/12/16 15:51:15 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/01/27 19:50:02 | 000,000,000 | -HSD | M] -- C:\Users\tim\AppData\Roaming\.# [2011/09/26 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\.minecraft [2010/02/26 19:47:33 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Adobe [2010/12/01 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Apple Computer [2011/03/22 23:07:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Avira [2010/06/10 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Canon [2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FileZilla [2009/11/01 00:03:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FUJIFILM [2010/01/27 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GameConsole [2010/12/03 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GetRightToGo [2010/01/24 03:49:11 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Go Go Gourmet [2009/10/24 13:53:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Google [2011/12/18 00:58:04 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\ICQ [2009/10/24 13:52:40 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Identities [2010/05/13 07:10:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient [2010/02/27 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2009/10/24 14:12:23 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Macromedia [2012/01/10 00:28:55 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Malwarebytes [2009/09/22 22:54:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Media Center Programs [2012/01/10 01:44:05 | 000,000,000 | --SD | M] -- C:\Users\tim\AppData\Roaming\Microsoft [2009/11/29 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Mozilla [2010/03/14 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\OpenOffice.org [2010/07/16 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Opera [2010/02/16 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\PlayFirst [2009/12/21 22:58:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\QIP [2011/07/02 06:19:25 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Skype [2011/07/02 05:53:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\skypePM [2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\TS3Client [2011/09/24 09:53:39 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\vlc [2010/04/24 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Windows Live Writer [2010/02/14 15:14:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011/02/23 02:02:37 | 000,187,227 | ---- | M] () -- C:\Users\tim\AppData\Roaming\.minecraft\bin\mcpatcher-1.1.12_02.exe [2011/06/18 18:57:46 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\tim\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009/06/04 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys [2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys < MD5 for: IASTORV.SYS > [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys [2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys [2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EA701346 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE < End of report > |
|
10.01.2012, 19:35
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows System aus Sicherheitsgründen blockiert...Zitat:
Umgehend einen der beiden Scanner deinstallieren, Windows neu starten und ein neues OTL-CustomLog erstellen. Falls McAfee oder AntiVir was mal gefunden haben, davon die Logs vorher posten!
__________________ --> Windows System aus Sicherheitsgründen blockiert... |
|
10.01.2012, 23:16
| #7 |
| | Windows System aus Sicherheitsgründen blockiert... McAfee war aufm Laptop drauf, ist aber seit geraumer Zeit abgelaufen und quasi nicht mehr als Virenschutz aktiv dachte ich... deswegen hab ich nachträglich Avira installiert... dabei McAfee jedoch nicht deinstalliert. Hier nochmal das OTL-Log Code:
ATTFilter OTL logfile created on: 1/10/2012 10:55:43 PM - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\tim\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.97 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 68.01% Memory free 5.93 Gb Paging File | 4.91 Gb Available in Paging File | 82.85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 141.49 Gb Total Space | 97.79 Gb Free Space | 69.11% Space Free | Partition Type: NTFS Drive D: | 141.50 Gb Total Space | 131.61 Gb Free Space | 93.01% Space Free | Partition Type: NTFS Computer Name: TIM-PC | User Name: tim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/01/10 00:06:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe PRC - [2011/06/29 09:31:00 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/04/28 01:50:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/04/07 21:43:20 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2011/04/07 21:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011/01/10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2010/02/01 22:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2010/02/01 22:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/09/08 00:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/09/07 11:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/08/23 05:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe PRC - [2009/08/06 08:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/07/27 03:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE PRC - [2008/01/16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/01/26 00:42:08 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll MOD - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe MOD - [2010/04/16 13:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll MOD - [2010/03/14 23:51:49 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2010/01/03 22:46:18 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV - [2011/06/29 09:31:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/28 16:25:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/04/28 01:50:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/08/01 08:26:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2008/01/16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV - [2011/06/29 09:31:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/06/29 09:31:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/06/17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/09/21 16:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\serial.sys -- (Serial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 16:53:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/19 12:10:31 | 000,000,000 | ---D | M] [2009/11/29 18:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\Extensions [2011/09/17 16:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions [2010/12/29 00:21:35 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2010/10/11 14:28:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012/01/08 18:30:14 | 000,000,961 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin-1.xml [2010/10/11 14:28:55 | 000,000,168 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.gif [2010/10/11 14:28:55 | 000,000,618 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.src [2010/12/24 12:02:49 | 000,001,069 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.xml [2012/01/10 18:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/03/02 14:02:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2012/01/10 18:54:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/12/26 16:53:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/12/26 16:53:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/12/26 16:53:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/08/16 12:29:44 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2010/12/26 16:53:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/12/26 16:53:01 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: SiteAdvisor = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\ O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.) O4 - HKCU..\Run: [Mozilla Firefox] C:\Users\tim\AppData\Roaming\Mozilla\Firefox\firefox.exe File not found O4 - Startup: C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4721886E-7EB6-486F-8E74-2C23884CAC7B}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/01/10 20:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/01/10 20:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/01/10 20:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/01/10 18:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/01/10 01:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/01/10 00:28:55 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\Malwarebytes [2012/01/10 00:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/10 00:28:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/01/10 00:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/01/10 00:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/01/10 00:05:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe [2011/12/17 14:41:33 | 000,000,000 | ---D | C] -- C:\Users\tim\Desktop\ebayshop ========== Files - Modified Within 30 Days ========== [2012/01/10 22:52:44 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/10 22:52:44 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/10 22:45:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/01/10 22:45:10 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2012/01/10 20:03:29 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/01/10 12:44:45 | 000,700,836 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/01/10 12:44:45 | 000,653,898 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/01/10 12:44:45 | 000,149,920 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/01/10 12:44:45 | 000,121,090 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/01/10 00:28:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/01/10 00:06:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe [2012/01/09 22:06:33 | 000,018,484 | ---- | M] () -- C:\Users\tim\Desktop\Homepage.odt [2011/12/24 12:20:14 | 000,432,424 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/01/10 20:03:29 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/01/10 00:28:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/01/09 22:06:31 | 000,018,484 | ---- | C] () -- C:\Users\tim\Desktop\Homepage.odt [2011/04/18 13:38:48 | 000,151,080 | -H-- | C] () -- C:\windows\System32\mlfcache.dat [2010/12/03 17:53:03 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2010/02/27 20:40:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/02/20 12:53:23 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll [2009/10/24 13:51:15 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2009/10/24 13:35:10 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/09/22 23:05:23 | 000,700,836 | ---- | C] () -- C:\windows\System32\perfh007.dat [2009/09/22 23:05:23 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/09/22 23:05:23 | 000,149,920 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/09/22 23:05:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/09/22 06:45:54 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2009/09/22 06:21:26 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 05:33:53 | 000,432,424 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,653,898 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,121,090 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat ========== LOP Check ========== [2010/01/27 19:50:02 | 000,000,000 | -HSD | M] -- C:\Users\tim\AppData\Roaming\.# [2011/09/26 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\.minecraft [2010/06/10 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Canon [2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FileZilla [2009/11/01 00:03:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FUJIFILM [2010/01/27 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GameConsole [2010/12/03 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GetRightToGo [2010/01/24 03:49:11 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Go Go Gourmet [2011/12/18 00:58:04 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\ICQ [2010/05/13 07:10:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient [2010/02/27 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2010/03/14 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\OpenOffice.org [2010/07/16 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Opera [2010/02/16 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\PlayFirst [2009/12/21 22:58:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\QIP [2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\TS3Client [2010/04/24 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Windows Live Writer [2010/12/16 15:51:15 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/01/27 19:50:02 | 000,000,000 | -HSD | M] -- C:\Users\tim\AppData\Roaming\.# [2011/09/26 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\.minecraft [2010/02/26 19:47:33 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Adobe [2012/01/10 20:07:06 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Apple Computer [2011/03/22 23:07:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Avira [2010/06/10 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Canon [2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FileZilla [2009/11/01 00:03:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FUJIFILM [2010/01/27 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GameConsole [2010/12/03 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GetRightToGo [2010/01/24 03:49:11 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Go Go Gourmet [2009/10/24 13:53:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Google [2011/12/18 00:58:04 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\ICQ [2009/10/24 13:52:40 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Identities [2010/05/13 07:10:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient [2010/02/27 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2009/10/24 14:12:23 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Macromedia [2012/01/10 00:28:55 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Malwarebytes [2009/09/22 22:54:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Media Center Programs [2012/01/10 01:44:05 | 000,000,000 | --SD | M] -- C:\Users\tim\AppData\Roaming\Microsoft [2009/11/29 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Mozilla [2010/03/14 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\OpenOffice.org [2010/07/16 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Opera [2010/02/16 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\PlayFirst [2009/12/21 22:58:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\QIP [2011/07/02 06:19:25 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Skype [2011/07/02 05:53:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\skypePM [2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\TS3Client [2011/09/24 09:53:39 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\vlc [2010/04/24 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Windows Live Writer [2010/02/14 15:14:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011/02/23 02:02:37 | 000,187,227 | ---- | M] () -- C:\Users\tim\AppData\Roaming\.minecraft\bin\mcpatcher-1.1.12_02.exe [2011/06/18 18:57:46 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\tim\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009/06/04 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys [2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys < MD5 for: IASTORV.SYS > [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys [2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys [2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EA701346 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE < End of report > Code:
ATTFilter
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 9. Januar 2012 22:45
Es wird nach 3038734 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Abgesicherter Modus
Benutzername : tim
Computername : TIM-PC
Versionsinformationen:
BUILD.DAT : 10.2.0.704 35934 Bytes 28.09.2011 13:14:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 29.06.2011 08:31:01
AVSCAN.DLL : 10.0.5.0 57192 Bytes 29.06.2011 08:31:00
LUKE.DLL : 10.3.0.5 45416 Bytes 29.06.2011 08:31:01
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 29.06.2011 08:31:02
AVREG.DLL : 10.3.0.9 88833 Bytes 13.07.2011 09:54:13
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:23:11
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 20:10:53
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 20:10:53
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 20:10:53
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 20:10:53
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 20:10:53
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 20:10:53
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 20:10:54
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 20:10:54
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 20:10:54
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 20:10:54
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 20:10:54
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 00:59:35
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 11:21:14
VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 12:00:11
VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 11:20:04
VBASE017.VDF : 7.11.20.102 240640 Bytes 02.01.2012 12:07:11
VBASE018.VDF : 7.11.20.139 164864 Bytes 04.01.2012 11:20:02
VBASE019.VDF : 7.11.20.178 167424 Bytes 06.01.2012 11:19:59
VBASE020.VDF : 7.11.20.179 2048 Bytes 06.01.2012 11:19:59
VBASE021.VDF : 7.11.20.180 2048 Bytes 06.01.2012 11:19:59
VBASE022.VDF : 7.11.20.181 2048 Bytes 06.01.2012 11:19:59
VBASE023.VDF : 7.11.20.182 2048 Bytes 06.01.2012 11:20:00
VBASE024.VDF : 7.11.20.183 2048 Bytes 06.01.2012 11:20:00
VBASE025.VDF : 7.11.20.184 2048 Bytes 06.01.2012 11:20:00
VBASE026.VDF : 7.11.20.185 2048 Bytes 06.01.2012 11:20:00
VBASE027.VDF : 7.11.20.186 2048 Bytes 06.01.2012 11:20:00
VBASE028.VDF : 7.11.20.187 2048 Bytes 06.01.2012 11:20:00
VBASE029.VDF : 7.11.20.188 2048 Bytes 06.01.2012 11:20:00
VBASE030.VDF : 7.11.20.189 2048 Bytes 06.01.2012 11:20:00
VBASE031.VDF : 7.11.20.198 101376 Bytes 09.01.2012 11:36:19
Engineversion : 8.2.8.18
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 20:18:11
AESCRIPT.DLL : 8.1.3.95 479612 Bytes 29.12.2011 11:48:14
AESCN.DLL : 8.1.7.2 127349 Bytes 10.01.2011 13:22:49
AESBX.DLL : 8.2.4.5 434549 Bytes 02.12.2011 10:33:10
AERDL.DLL : 8.1.9.15 639348 Bytes 09.09.2011 05:34:09
AEPACK.DLL : 8.2.15.1 770423 Bytes 13.12.2011 20:47:48
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30.12.2011 11:20:09
AEHEUR.DLL : 8.1.3.14 4260216 Bytes 30.12.2011 11:20:09
AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 20:18:01
AEGEN.DLL : 8.1.5.17 405877 Bytes 08.12.2011 20:07:46
AEEMU.DLL : 8.1.3.0 393589 Bytes 10.01.2011 13:22:42
AECORE.DLL : 8.1.24.3 201079 Bytes 29.12.2011 11:47:17
AEBB.DLL : 8.1.1.0 53618 Bytes 10.01.2011 13:22:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10.01.2011 13:22:56
AVPREF.DLL : 10.0.3.2 44904 Bytes 29.06.2011 08:31:00
AVREP.DLL : 10.0.0.10 174120 Bytes 19.05.2011 10:23:18
AVARKT.DLL : 10.0.26.1 255336 Bytes 29.06.2011 08:31:00
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 29.06.2011 08:31:00
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10.01.2011 13:22:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 29.06.2011 08:31:00
RCTEXT.DLL : 10.0.64.0 98664 Bytes 29.06.2011 08:31:00
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Montag, 9. Januar 2012 22:45
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Treiber konnte nicht initialisiert werden.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'WMIADAP.EXE' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcagent.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcmscsvc.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'helppane.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '565' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\65e4bdce-192037d6
[0] Archivtyp: ZIP
--> mail/Cid.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Exdoer.FJ
--> mail/MailAgent.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.AN.2
--> mail/VirtualTable.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO.1
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\4fab3013-19212337
[0] Archivtyp: ZIP
--> json/Parser.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.EV
--> json/XML.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\18d64ca3-49c649be
[0] Archivtyp: ZIP
--> report/Generator.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.U
--> report/HDDDetect.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\2557d404-7d8d8ce1
[0] Archivtyp: ZIP
--> json/Option.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.L
--> json/Parser.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.Dldr.A
--> json/SmartyPointer.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.F
--> json/ThreadParser.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.E
--> json/XML.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\57ba75e8-331d95cf
[0] Archivtyp: ZIP
--> mail/MailAgent.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.AS
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\43025b2c-6a6a39dd
[0] Archivtyp: ZIP
--> mail/MailAgent.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.AS
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2e63d536-3098f962
[0] Archivtyp: ZIP
--> json/Parser.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.EV
--> json/XML.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\63b96ebd-4b52602e
[0] Archivtyp: ZIP
--> json/Parser.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.BH
--> json/XML.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL
Beginne mit der Suche in 'D:\'
Beginne mit der Desinfektion:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\63b96ebd-4b52602e
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ae7c51f.qua' verschoben!
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2e63d536-3098f962
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '525cea6a.qua' verschoben!
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\43025b2c-6a6a39dd
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.AS
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0079b050.qua' verschoben!
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\57ba75e8-331d95cf
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.AS
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6618ff9e.qua' verschoben!
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\2557d404-7d8d8ce1
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '23b1d2ae.qua' verschoben!
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\18d64ca3-49c649be
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5c85e0c0.qua' verschoben!
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\4fab3013-19212337
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '103ecc54.qua' verschoben!
C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\65e4bdce-192037d6
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6c3a8cd5.qua' verschoben!
Ende des Suchlaufs: Montag, 9. Januar 2012 23:33
Benötigte Zeit: 47:06 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
23837 Verzeichnisse wurden überprüft
561747 Dateien wurden geprüft
18 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
8 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
561729 Dateien ohne Befall
4564 Archive wurden durchsucht
0 Warnungen
8 Hinweise
|
|
11.01.2012, 11:20
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows System aus Sicherheitsgründen blockiert... Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2304157
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
[2010/10/11 14:28:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/01/08 18:30:14 | 000,000,961 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin-1.xml
[2010/10/11 14:28:55 | 000,000,168 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.gif
[2010/10/11 14:28:55 | 000,000,618 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.src
[2010/12/24 12:02:49 | 000,001,069 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.xml
[2010/08/16 12:29:44 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKCU..\Run: [Mozilla Firefox] C:\Users\tim\AppData\Roaming\Mozilla\Firefox\firefox.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2010/01/27 19:50:02 | 000,000,000 | -HSD | M] -- C:\Users\tim\AppData\Roaming\.#
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EA701346
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.01.2012, 13:55
| #9 |
| | Windows System aus Sicherheitsgründen blockiert... Alles klar, hab ich soweit befolgt. Hier das Ergebnis Code:
ATTFilter All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.src moved successfully.
C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A1691B-D188-4419-AD02-90002030B8EE}\ deleted successfully.
C:\PROGRA~1\FlashFXP\IEFlash.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mozilla Firefox deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\tim\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:A42A9F39 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:EA701346 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: tim
->Temp folder emptied: 8071535 bytes
->Temporary Internet Files folder emptied: 86740258 bytes
->Java cache emptied: 220847 bytes
->FireFox cache emptied: 54425260 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3129525 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54192 bytes
RecycleBin emptied: 2518846560 bytes
Total Files Cleaned = 2,548.00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01112012_134858
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
11.01.2012, 14:15
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows System aus Sicherheitsgründen blockiert... Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.01.2012, 19:21
| #11 |
| | Windows System aus Sicherheitsgründen blockiert...Code:
ATTFilter 19:14:34.0109 3984 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
19:14:34.0343 3984 ============================================================
19:14:34.0343 3984 Current date / time: 2012/01/11 19:14:34.0343
19:14:34.0343 3984 SystemInfo:
19:14:34.0343 3984
19:14:34.0343 3984 OS Version: 6.1.7601 ServicePack: 1.0
19:14:34.0343 3984 Product type: Workstation
19:14:34.0343 3984 ComputerName: TIM-PC
19:14:34.0343 3984 UserName: tim
19:14:34.0343 3984 Windows directory: C:\windows
19:14:34.0343 3984 System windows directory: C:\windows
19:14:34.0343 3984 Processor architecture: Intel x86
19:14:34.0343 3984 Number of processors: 2
19:14:34.0343 3984 Page size: 0x1000
19:14:34.0343 3984 Boot type: Normal boot
19:14:34.0343 3984 ============================================================
19:14:34.0779 3984 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
19:14:34.0904 3984 Initialize success
19:15:20.0643 1468 ============================================================
19:15:20.0643 1468 Scan started
19:15:20.0643 1468 Mode: Manual; SigCheck; TDLFS;
19:15:20.0643 1468 ============================================================
19:15:21.0595 1468 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
19:15:21.0735 1468 1394ohci - ok
19:15:21.0860 1468 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
19:15:21.0891 1468 ACPI - ok
19:15:22.0047 1468 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
19:15:22.0141 1468 AcpiPmi - ok
19:15:22.0281 1468 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
19:15:22.0328 1468 adp94xx - ok
19:15:22.0484 1468 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
19:15:22.0515 1468 adpahci - ok
19:15:22.0656 1468 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
19:15:22.0687 1468 adpu320 - ok
19:15:22.0812 1468 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
19:15:22.0874 1468 AFD - ok
19:15:22.0999 1468 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
19:15:23.0030 1468 agp440 - ok
19:15:23.0108 1468 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
19:15:23.0139 1468 aic78xx - ok
19:15:23.0217 1468 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
19:15:23.0249 1468 aliide - ok
19:15:23.0295 1468 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
19:15:23.0311 1468 amdagp - ok
19:15:23.0373 1468 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
19:15:23.0389 1468 amdide - ok
19:15:23.0436 1468 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
19:15:23.0498 1468 AmdK8 - ok
19:15:23.0545 1468 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
19:15:23.0607 1468 AmdPPM - ok
19:15:23.0654 1468 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
19:15:23.0670 1468 amdsata - ok
19:15:23.0701 1468 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
19:15:23.0732 1468 amdsbs - ok
19:15:23.0763 1468 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
19:15:23.0779 1468 amdxata - ok
19:15:23.0873 1468 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
19:15:23.0997 1468 AppID - ok
19:15:24.0138 1468 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
19:15:24.0169 1468 arc - ok
19:15:24.0200 1468 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
19:15:24.0231 1468 arcsas - ok
19:15:24.0263 1468 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
19:15:24.0372 1468 AsyncMac - ok
19:15:24.0497 1468 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
19:15:24.0512 1468 atapi - ok
19:15:24.0621 1468 athr (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys
19:15:24.0699 1468 athr - ok
19:15:24.0824 1468 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
19:15:24.0887 1468 avgntflt - ok
19:15:24.0918 1468 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
19:15:24.0933 1468 avipbb - ok
19:15:25.0043 1468 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
19:15:25.0121 1468 b06bdrv - ok
19:15:25.0183 1468 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
19:15:25.0214 1468 b57nd60x - ok
19:15:25.0323 1468 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
19:15:25.0401 1468 Beep - ok
19:15:25.0433 1468 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
19:15:25.0526 1468 blbdrive - ok
19:15:25.0604 1468 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
19:15:25.0698 1468 bowser - ok
19:15:25.0745 1468 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:15:25.0823 1468 BrFiltLo - ok
19:15:25.0854 1468 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:15:25.0916 1468 BrFiltUp - ok
19:15:25.0994 1468 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
19:15:26.0088 1468 Brserid - ok
19:15:26.0119 1468 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
19:15:26.0150 1468 BrSerWdm - ok
19:15:26.0166 1468 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
19:15:26.0213 1468 BrUsbMdm - ok
19:15:26.0228 1468 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
19:15:26.0244 1468 BrUsbSer - ok
19:15:26.0275 1468 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
19:15:26.0337 1468 BTHMODEM - ok
19:15:26.0400 1468 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
19:15:26.0478 1468 cdfs - ok
19:15:26.0540 1468 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
19:15:26.0571 1468 cdrom - ok
19:15:26.0618 1468 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
19:15:26.0634 1468 circlass - ok
19:15:26.0681 1468 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
19:15:26.0696 1468 CLFS - ok
19:15:26.0727 1468 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
19:15:26.0805 1468 CmBatt - ok
19:15:26.0821 1468 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
19:15:26.0837 1468 cmdide - ok
19:15:26.0868 1468 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
19:15:26.0915 1468 CNG - ok
19:15:26.0961 1468 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
19:15:26.0977 1468 Compbatt - ok
19:15:27.0024 1468 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
19:15:27.0071 1468 CompositeBus - ok
19:15:27.0117 1468 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
19:15:27.0133 1468 crcdisk - ok
19:15:27.0195 1468 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
19:15:27.0242 1468 DfsC - ok
19:15:27.0273 1468 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
19:15:27.0351 1468 discache - ok
19:15:27.0429 1468 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
19:15:27.0445 1468 Disk - ok
19:15:27.0476 1468 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
19:15:27.0492 1468 drmkaud - ok
19:15:27.0539 1468 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
19:15:27.0585 1468 DXGKrnl - ok
19:15:27.0695 1468 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
19:15:27.0773 1468 ebdrv - ok
19:15:27.0929 1468 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
19:15:27.0975 1468 elxstor - ok
19:15:28.0007 1468 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
19:15:28.0038 1468 ErrDev - ok
19:15:28.0100 1468 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
19:15:28.0163 1468 exfat - ok
19:15:28.0178 1468 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
19:15:28.0225 1468 fastfat - ok
19:15:28.0287 1468 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
19:15:28.0350 1468 fdc - ok
19:15:28.0381 1468 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
19:15:28.0397 1468 FileInfo - ok
19:15:28.0428 1468 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
19:15:28.0506 1468 Filetrace - ok
19:15:28.0537 1468 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
19:15:28.0568 1468 flpydisk - ok
19:15:28.0615 1468 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
19:15:28.0677 1468 FltMgr - ok
19:15:28.0709 1468 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
19:15:28.0724 1468 FsDepends - ok
19:15:28.0755 1468 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
19:15:28.0787 1468 fssfltr - ok
19:15:28.0818 1468 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
19:15:28.0833 1468 Fs_Rec - ok
19:15:28.0896 1468 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
19:15:28.0911 1468 fvevol - ok
19:15:28.0958 1468 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
19:15:28.0974 1468 gagp30kx - ok
19:15:29.0021 1468 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:15:29.0021 1468 GEARAspiWDM - ok
19:15:29.0036 1468 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
19:15:29.0067 1468 hcw85cir - ok
19:15:29.0130 1468 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
19:15:29.0177 1468 HdAudAddService - ok
19:15:29.0208 1468 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
19:15:29.0223 1468 HDAudBus - ok
19:15:29.0255 1468 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
19:15:29.0270 1468 HidBatt - ok
19:15:29.0286 1468 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
19:15:29.0301 1468 HidBth - ok
19:15:29.0348 1468 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
19:15:29.0364 1468 HidIr - ok
19:15:29.0426 1468 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
19:15:29.0457 1468 HidUsb - ok
19:15:29.0489 1468 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
19:15:29.0504 1468 HpSAMD - ok
19:15:29.0582 1468 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
19:15:29.0629 1468 HTTP - ok
19:15:29.0660 1468 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
19:15:29.0676 1468 hwpolicy - ok
19:15:29.0723 1468 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
19:15:29.0769 1468 i8042prt - ok
19:15:29.0816 1468 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
19:15:29.0816 1468 iaStor - ok
19:15:29.0879 1468 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys
19:15:29.0910 1468 iaStorV - ok
19:15:30.0066 1468 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
19:15:30.0222 1468 igfx - ok
19:15:30.0331 1468 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
19:15:30.0362 1468 iirsp - ok
19:15:30.0487 1468 IntcAzAudAddService (5ceef2cccb4fe00d3ffbfeb12bcfa07f) C:\windows\system32\drivers\RTKVHDA.sys
19:15:30.0581 1468 IntcAzAudAddService - ok
19:15:30.0690 1468 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
19:15:30.0721 1468 intelide - ok
19:15:30.0768 1468 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
19:15:30.0783 1468 intelppm - ok
19:15:30.0830 1468 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:15:30.0893 1468 IpFilterDriver - ok
19:15:30.0939 1468 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
19:15:30.0986 1468 IPMIDRV - ok
19:15:31.0017 1468 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
19:15:31.0049 1468 IPNAT - ok
19:15:31.0111 1468 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
19:15:31.0189 1468 IRENUM - ok
19:15:31.0205 1468 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
19:15:31.0236 1468 isapnp - ok
19:15:31.0283 1468 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
19:15:31.0314 1468 iScsiPrt - ok
19:15:31.0361 1468 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
19:15:31.0376 1468 kbdclass - ok
19:15:31.0423 1468 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
19:15:31.0454 1468 kbdhid - ok
19:15:31.0485 1468 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
19:15:31.0517 1468 KSecDD - ok
19:15:31.0548 1468 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
19:15:31.0579 1468 KSecPkg - ok
19:15:31.0641 1468 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
19:15:31.0688 1468 lltdio - ok
19:15:31.0735 1468 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
19:15:31.0751 1468 LSI_FC - ok
19:15:31.0766 1468 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
19:15:31.0782 1468 LSI_SAS - ok
19:15:31.0797 1468 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:15:31.0813 1468 LSI_SAS2 - ok
19:15:31.0844 1468 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:15:31.0860 1468 LSI_SCSI - ok
19:15:31.0891 1468 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
19:15:31.0969 1468 luafv - ok
19:15:32.0000 1468 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
19:15:32.0016 1468 megasas - ok
19:15:32.0031 1468 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
19:15:32.0047 1468 MegaSR - ok
19:15:32.0078 1468 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
19:15:32.0156 1468 Modem - ok
19:15:32.0172 1468 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
19:15:32.0187 1468 monitor - ok
19:15:32.0234 1468 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
19:15:32.0281 1468 mouclass - ok
19:15:32.0328 1468 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
19:15:32.0359 1468 mouhid - ok
19:15:32.0375 1468 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
19:15:32.0390 1468 mountmgr - ok
19:15:32.0437 1468 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
19:15:32.0468 1468 mpio - ok
19:15:32.0484 1468 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
19:15:32.0531 1468 mpsdrv - ok
19:15:32.0562 1468 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
19:15:32.0640 1468 MRxDAV - ok
19:15:32.0702 1468 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
19:15:32.0749 1468 mrxsmb - ok
19:15:32.0780 1468 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:15:32.0827 1468 mrxsmb10 - ok
19:15:32.0858 1468 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:15:32.0889 1468 mrxsmb20 - ok
19:15:32.0921 1468 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
19:15:32.0936 1468 msahci - ok
19:15:32.0983 1468 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
19:15:32.0999 1468 msdsm - ok
19:15:33.0030 1468 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
19:15:33.0108 1468 Msfs - ok
19:15:33.0123 1468 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
19:15:33.0170 1468 mshidkmdf - ok
19:15:33.0201 1468 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
19:15:33.0217 1468 msisadrv - ok
19:15:33.0264 1468 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
19:15:33.0311 1468 MSKSSRV - ok
19:15:33.0342 1468 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
19:15:33.0389 1468 MSPCLOCK - ok
19:15:33.0420 1468 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
19:15:33.0451 1468 MSPQM - ok
19:15:33.0498 1468 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
19:15:33.0513 1468 MsRPC - ok
19:15:33.0560 1468 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
19:15:33.0576 1468 mssmbios - ok
19:15:33.0623 1468 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
19:15:33.0654 1468 MSTEE - ok
19:15:33.0654 1468 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
19:15:33.0685 1468 MTConfig - ok
19:15:33.0716 1468 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
19:15:33.0732 1468 Mup - ok
19:15:33.0779 1468 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
19:15:33.0825 1468 NativeWifiP - ok
19:15:33.0888 1468 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
19:15:33.0919 1468 NDIS - ok
19:15:33.0935 1468 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
19:15:33.0981 1468 NdisCap - ok
19:15:34.0013 1468 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
19:15:34.0106 1468 NdisTapi - ok
19:15:34.0137 1468 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
19:15:34.0200 1468 Ndisuio - ok
19:15:34.0231 1468 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
19:15:34.0278 1468 NdisWan - ok
19:15:34.0309 1468 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
19:15:34.0356 1468 NDProxy - ok
19:15:34.0403 1468 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
19:15:34.0465 1468 NetBIOS - ok
19:15:34.0496 1468 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
19:15:34.0543 1468 NetBT - ok
19:15:34.0605 1468 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
19:15:34.0621 1468 nfrd960 - ok
19:15:34.0637 1468 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
19:15:34.0699 1468 Npfs - ok
19:15:34.0730 1468 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
19:15:34.0777 1468 nsiproxy - ok
19:15:34.0824 1468 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys
19:15:34.0886 1468 Ntfs - ok
19:15:34.0917 1468 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
19:15:34.0949 1468 Null - ok
19:15:35.0229 1468 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\windows\system32\DRIVERS\nvlddmkm.sys
19:15:35.0588 1468 nvlddmkm - ok
19:15:35.0697 1468 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys
19:15:35.0729 1468 nvraid - ok
19:15:35.0744 1468 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys
19:15:35.0760 1468 nvstor - ok
19:15:35.0807 1468 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
19:15:35.0838 1468 nv_agp - ok
19:15:35.0900 1468 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
19:15:35.0947 1468 ohci1394 - ok
19:15:36.0009 1468 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
19:15:36.0072 1468 Parport - ok
19:15:36.0103 1468 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
19:15:36.0119 1468 partmgr - ok
19:15:36.0134 1468 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
19:15:36.0150 1468 Parvdm - ok
19:15:36.0197 1468 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
19:15:36.0228 1468 pci - ok
19:15:36.0259 1468 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
19:15:36.0275 1468 pciide - ok
19:15:36.0290 1468 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
19:15:36.0321 1468 pcmcia - ok
19:15:36.0337 1468 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
19:15:36.0353 1468 pcw - ok
19:15:36.0384 1468 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
19:15:36.0446 1468 PEAUTH - ok
19:15:36.0524 1468 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
19:15:36.0555 1468 PptpMiniport - ok
19:15:36.0571 1468 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
19:15:36.0587 1468 Processor - ok
19:15:36.0649 1468 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
19:15:36.0680 1468 Psched - ok
19:15:36.0743 1468 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
19:15:36.0789 1468 ql2300 - ok
19:15:36.0805 1468 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
19:15:36.0821 1468 ql40xx - ok
19:15:36.0836 1468 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
19:15:36.0867 1468 QWAVEdrv - ok
19:15:36.0883 1468 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
19:15:36.0914 1468 RasAcd - ok
19:15:36.0961 1468 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
19:15:37.0023 1468 RasAgileVpn - ok
19:15:37.0055 1468 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
19:15:37.0086 1468 Rasl2tp - ok
19:15:37.0133 1468 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
19:15:37.0179 1468 RasPppoe - ok
19:15:37.0195 1468 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
19:15:37.0226 1468 RasSstp - ok
19:15:37.0257 1468 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
19:15:37.0335 1468 rdbss - ok
19:15:37.0367 1468 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
19:15:37.0382 1468 rdpbus - ok
19:15:37.0413 1468 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
19:15:37.0460 1468 RDPCDD - ok
19:15:37.0507 1468 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
19:15:37.0538 1468 RDPENCDD - ok
19:15:37.0554 1468 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
19:15:37.0569 1468 RDPREFMP - ok
19:15:37.0616 1468 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
19:15:37.0647 1468 RDPWD - ok
19:15:37.0710 1468 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
19:15:37.0725 1468 rdyboost - ok
19:15:37.0788 1468 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
19:15:37.0835 1468 rspndr - ok
19:15:37.0881 1468 RTL8167 (6465166dd9b2f841dabad16abdadbe98) C:\windows\system32\DRIVERS\Rt86win7.sys
19:15:37.0928 1468 RTL8167 - ok
19:15:37.0959 1468 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
19:15:37.0991 1468 SABI - ok
19:15:38.0053 1468 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
19:15:38.0069 1468 sbp2port - ok
19:15:38.0115 1468 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
19:15:38.0147 1468 scfilter - ok
19:15:38.0193 1468 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
19:15:38.0240 1468 secdrv - ok
19:15:38.0303 1468 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
19:15:38.0318 1468 Serenum - ok
19:15:38.0365 1468 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
19:15:38.0396 1468 Serial - ok
19:15:38.0443 1468 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
19:15:38.0474 1468 sermouse - ok
19:15:38.0521 1468 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
19:15:38.0568 1468 sffdisk - ok
19:15:38.0583 1468 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
19:15:38.0615 1468 sffp_mmc - ok
19:15:38.0646 1468 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
19:15:38.0661 1468 sffp_sd - ok
19:15:38.0693 1468 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
19:15:38.0739 1468 sfloppy - ok
19:15:38.0771 1468 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
19:15:38.0786 1468 sisagp - ok
19:15:38.0817 1468 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:15:38.0833 1468 SiSRaid2 - ok
19:15:38.0849 1468 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
19:15:38.0864 1468 SiSRaid4 - ok
19:15:38.0895 1468 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
19:15:38.0942 1468 Smb - ok
19:15:39.0005 1468 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
19:15:39.0020 1468 spldr - ok
19:15:39.0114 1468 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
19:15:39.0176 1468 srv - ok
19:15:39.0192 1468 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
19:15:39.0239 1468 srv2 - ok
19:15:39.0270 1468 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
19:15:39.0301 1468 srvnet - ok
19:15:39.0348 1468 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
19:15:39.0348 1468 ssmdrv - ok
19:15:39.0441 1468 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
19:15:39.0457 1468 stexstor - ok
19:15:39.0504 1468 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
19:15:39.0519 1468 swenum - ok
19:15:39.0582 1468 SynTP (7a9025d8f7852b06d6d08ed536135e7e) C:\windows\system32\DRIVERS\SynTP.sys
19:15:39.0644 1468 SynTP - ok
19:15:39.0722 1468 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
19:15:39.0785 1468 Tcpip - ok
19:15:39.0800 1468 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
19:15:39.0831 1468 TCPIP6 - ok
19:15:39.0863 1468 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
19:15:39.0909 1468 tcpipreg - ok
19:15:39.0956 1468 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
19:15:39.0987 1468 TDPIPE - ok
19:15:40.0019 1468 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
19:15:40.0065 1468 TDTCP - ok
19:15:40.0112 1468 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
19:15:40.0143 1468 tdx - ok
19:15:40.0175 1468 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
19:15:40.0206 1468 TermDD - ok
19:15:40.0237 1468 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
19:15:40.0284 1468 tssecsrv - ok
19:15:40.0331 1468 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
19:15:40.0362 1468 TsUsbFlt - ok
19:15:40.0424 1468 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
19:15:40.0487 1468 tunnel - ok
19:15:40.0518 1468 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
19:15:40.0533 1468 uagp35 - ok
19:15:40.0580 1468 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
19:15:40.0643 1468 udfs - ok
19:15:40.0689 1468 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
19:15:40.0705 1468 uliagpkx - ok
19:15:40.0752 1468 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
19:15:40.0767 1468 umbus - ok
19:15:40.0783 1468 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
19:15:40.0814 1468 UmPass - ok
19:15:40.0861 1468 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
19:15:40.0923 1468 USBAAPL - ok
19:15:40.0955 1468 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\drivers\usbccgp.sys
19:15:41.0001 1468 usbccgp - ok
19:15:41.0033 1468 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
19:15:41.0064 1468 usbcir - ok
19:15:41.0079 1468 usbehci (cfbce999c057d78979a181c9c60f208e) C:\windows\system32\drivers\usbehci.sys
19:15:41.0095 1468 usbehci - ok
19:15:41.0126 1468 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys
19:15:41.0173 1468 usbhub - ok
19:15:41.0173 1468 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\drivers\usbohci.sys
19:15:41.0204 1468 usbohci - ok
19:15:41.0267 1468 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
19:15:41.0313 1468 usbprint - ok
19:15:41.0345 1468 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
19:15:41.0360 1468 usbscan - ok
19:15:41.0407 1468 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\drivers\USBSTOR.SYS
19:15:41.0438 1468 USBSTOR - ok
19:15:41.0469 1468 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys
19:15:41.0485 1468 usbuhci - ok
19:15:41.0532 1468 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
19:15:41.0610 1468 usbvideo - ok
19:15:41.0657 1468 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
19:15:41.0688 1468 vdrvroot - ok
19:15:41.0719 1468 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
19:15:41.0750 1468 vga - ok
19:15:41.0766 1468 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
19:15:41.0797 1468 VgaSave - ok
19:15:41.0844 1468 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
19:15:41.0875 1468 vhdmp - ok
19:15:41.0906 1468 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
19:15:41.0922 1468 viaagp - ok
19:15:41.0937 1468 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
19:15:41.0984 1468 ViaC7 - ok
19:15:42.0015 1468 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
19:15:42.0031 1468 viaide - ok
19:15:42.0062 1468 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
19:15:42.0078 1468 volmgr - ok
19:15:42.0125 1468 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
19:15:42.0140 1468 volmgrx - ok
19:15:42.0187 1468 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
19:15:42.0203 1468 volsnap - ok
19:15:42.0249 1468 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
19:15:42.0265 1468 vsmraid - ok
19:15:42.0281 1468 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
19:15:42.0359 1468 vwifibus - ok
19:15:42.0390 1468 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
19:15:42.0452 1468 vwififlt - ok
19:15:42.0483 1468 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
19:15:42.0530 1468 vwifimp - ok
19:15:42.0546 1468 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
19:15:42.0593 1468 WacomPen - ok
19:15:42.0624 1468 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
19:15:42.0671 1468 WANARP - ok
19:15:42.0671 1468 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
19:15:42.0702 1468 Wanarpv6 - ok
19:15:42.0780 1468 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
19:15:42.0795 1468 Wd - ok
19:15:42.0811 1468 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
19:15:42.0842 1468 Wdf01000 - ok
19:15:42.0905 1468 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
19:15:42.0936 1468 WfpLwf - ok
19:15:42.0936 1468 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
19:15:42.0951 1468 WIMMount - ok
19:15:43.0029 1468 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
19:15:43.0076 1468 WinUsb - ok
19:15:43.0107 1468 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
19:15:43.0139 1468 WmiAcpi - ok
19:15:43.0185 1468 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
19:15:43.0248 1468 ws2ifsl - ok
19:15:43.0295 1468 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
19:15:43.0373 1468 WudfPf - ok
19:15:43.0419 1468 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
19:15:43.0466 1468 WUDFRd - ok
19:15:43.0529 1468 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
19:15:43.0919 1468 \Device\Harddisk0\DR0 - ok
19:15:43.0934 1468 Boot (0x1200) (ffcf558f995dc6506b87e0580f61da7e) \Device\Harddisk0\DR0\Partition0
19:15:43.0950 1468 \Device\Harddisk0\DR0\Partition0 - ok
19:15:43.0950 1468 Boot (0x1200) (1fc161b5ac31634e8cc59e6a45853ebb) \Device\Harddisk0\DR0\Partition1
19:15:43.0965 1468 \Device\Harddisk0\DR0\Partition1 - ok
19:15:43.0981 1468 Boot (0x1200) (01b08efadb813ceb3e5708f761c58946) \Device\Harddisk0\DR0\Partition2
19:15:43.0981 1468 \Device\Harddisk0\DR0\Partition2 - ok
19:15:43.0981 1468 ============================================================
19:15:43.0981 1468 Scan finished
19:15:43.0981 1468 ============================================================
19:15:43.0997 5744 Detected object count: 0
19:15:43.0997 5744 Actual detected object count: 0
|
|
11.01.2012, 20:03
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows System aus Sicherheitsgründen blockiert... Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.01.2012, 23:14
| #13 |
| | Windows System aus Sicherheitsgründen blockiert...Code:
ATTFilter ComboFix 12-01-10.02 - tim 11.01.2012 23:18:03.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.1938 [GMT 1:00]
ausgeführt von:: c:\users\tim\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-11 bis 2012-01-11 ))))))))))))))))))))))))))))))
.
.
2012-01-11 22:22 . 2012-01-11 22:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-11 22:22 . 2012-01-11 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 12:48 . 2012-01-11 12:48 -------- d-----w- C:\_OTL
2012-01-10 21:17 . 2011-11-30 01:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02202933-2B83-4C74-951B-2249CAC0CC3C}\mpengine.dll
2012-01-10 21:17 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-10 19:02 . 2012-01-10 19:02 -------- d-----w- c:\program files\iPod
2012-01-10 19:02 . 2012-01-10 19:03 -------- d-----w- c:\program files\iTunes
2012-01-10 17:54 . 2012-01-10 17:54 -------- d-----w- c:\program files\Common Files\Java
2012-01-10 00:30 . 2012-01-10 00:30 -------- d-----w- c:\program files\ESET
2012-01-09 23:28 . 2012-01-09 23:28 -------- d-----w- c:\users\tim\AppData\Roaming\Malwarebytes
2012-01-09 23:28 . 2012-01-09 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-09 23:28 . 2012-01-09 23:28 -------- d-----w- c:\programdata\Malwarebytes
2012-01-09 23:28 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 11:36 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-10 04:54 . 2011-03-02 13:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-01 1343400]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 73505320
*Deregistered* - 73505320
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-11 23:24:24
ComboFix-quarantined-files.txt 2012-01-11 22:24
ComboFix2.txt 2012-01-11 22:09
.
Vor Suchlauf: 14 Verzeichnis(se), 107.080.835.072 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 107.037.425.664 Bytes frei
.
- - End Of File - - 3A218BFA0285A99E98A7B7FF50A234B7
Geändert von waloya (11.01.2012 um 23:37 Uhr) |
|
12.01.2012, 18:55
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows System aus Sicherheitsgründen blockiert... Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.01.2012, 23:11
| #15 |
| | Windows System aus Sicherheitsgründen blockiert... Antivir hat vorhin anscheinend etwas gedeckt, allerdings in der ComboFix Datei... hm Code:
ATTFilter
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Donnerstag, 12. Januar 2012 21:48
Es wird nach 3065252 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : TIM-PC
Versionsinformationen:
BUILD.DAT : 10.2.0.704 35934 Bytes 28.09.2011 13:14:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 29.06.2011 08:31:01
AVSCAN.DLL : 10.0.5.0 57192 Bytes 29.06.2011 08:31:00
LUKE.DLL : 10.3.0.5 45416 Bytes 29.06.2011 08:31:01
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 29.06.2011 08:31:02
AVREG.DLL : 10.3.0.9 88833 Bytes 13.07.2011 09:54:13
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:23:11
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 20:10:53
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 20:10:53
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 20:10:53
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 20:10:53
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 20:10:53
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 20:10:53
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 20:10:54
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 20:10:54
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 20:10:54
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 20:10:54
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 20:10:54
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 00:59:35
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 11:21:14
VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 12:00:11
VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 11:20:04
VBASE017.VDF : 7.11.20.102 240640 Bytes 02.01.2012 12:07:11
VBASE018.VDF : 7.11.20.139 164864 Bytes 04.01.2012 11:20:02
VBASE019.VDF : 7.11.20.178 167424 Bytes 06.01.2012 11:19:59
VBASE020.VDF : 7.11.20.207 230400 Bytes 10.01.2012 15:59:35
VBASE021.VDF : 7.11.20.236 150528 Bytes 11.01.2012 15:59:36
VBASE022.VDF : 7.11.20.237 2048 Bytes 11.01.2012 15:59:36
VBASE023.VDF : 7.11.20.238 2048 Bytes 11.01.2012 15:59:36
VBASE024.VDF : 7.11.20.239 2048 Bytes 11.01.2012 15:59:36
VBASE025.VDF : 7.11.20.240 2048 Bytes 11.01.2012 15:59:36
VBASE026.VDF : 7.11.20.241 2048 Bytes 11.01.2012 15:59:36
VBASE027.VDF : 7.11.20.242 2048 Bytes 11.01.2012 15:59:36
VBASE028.VDF : 7.11.20.243 2048 Bytes 11.01.2012 15:59:36
VBASE029.VDF : 7.11.20.244 2048 Bytes 11.01.2012 15:59:36
VBASE030.VDF : 7.11.20.245 2048 Bytes 11.01.2012 15:59:36
VBASE031.VDF : 7.11.21.0 77824 Bytes 12.01.2012 15:59:36
Engineversion : 8.2.8.22
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 20:18:11
AESCRIPT.DLL : 8.1.3.96 434554 Bytes 12.01.2012 15:59:40
AESCN.DLL : 8.1.7.2 127349 Bytes 10.01.2011 13:22:49
AESBX.DLL : 8.2.4.5 434549 Bytes 02.12.2011 10:33:10
AERDL.DLL : 8.1.9.15 639348 Bytes 09.09.2011 05:34:09
AEPACK.DLL : 8.2.15.1 770423 Bytes 13.12.2011 20:47:48
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30.12.2011 11:20:09
AEHEUR.DLL : 8.1.3.15 4264310 Bytes 12.01.2012 15:59:39
AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 20:18:01
AEGEN.DLL : 8.1.5.17 405877 Bytes 08.12.2011 20:07:46
AEEMU.DLL : 8.1.3.0 393589 Bytes 10.01.2011 13:22:42
AECORE.DLL : 8.1.24.3 201079 Bytes 29.12.2011 11:47:17
AEBB.DLL : 8.1.1.0 53618 Bytes 10.01.2011 13:22:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10.01.2011 13:22:56
AVPREF.DLL : 10.0.3.2 44904 Bytes 29.06.2011 08:31:00
AVREP.DLL : 10.0.0.10 174120 Bytes 19.05.2011 10:23:18
AVARKT.DLL : 10.0.26.1 255336 Bytes 29.06.2011 08:31:00
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 29.06.2011 08:31:00
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10.01.2011 13:22:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 29.06.2011 08:31:00
RCTEXT.DLL : 10.0.64.0 98664 Bytes 29.06.2011 08:31:00
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f355425\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Beginn des Suchlaufs: Donnerstag, 12. Januar 2012 21:48
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BJMYPRT.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dmhkcore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EasySpeedUpManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WCScheduler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSCKbdHk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvXDSync.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlbrowser.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OberonGameConsoleService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BcmSqlStartupSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\tim\Desktop\ComboFix.exe'
C:\Users\tim\Desktop\ComboFix.exe
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a08eaa3.qua' verschoben!
Ende des Suchlaufs: Donnerstag, 12. Januar 2012 21:48
Benötigte Zeit: 00:04 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
290 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
289 Dateien ohne Befall
6 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-12 23:05:25
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
Running: hsi9qys8.exe; Driver: C:\Users\tim\AppData\Local\Temp\uwldipow.sys
---- System - GMER 1.0.15 ----
SSDT 8E5D0CC6 ZwCreateSection
SSDT 8E5D0CCB ZwSetContextThread
SSDT 8E5D0C67 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKey + 13CD 82C369A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C564E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C5D87C 4 Bytes [C6, 0C, 5D, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 82C5DC1C 4 Bytes [CB, 0C, 5D, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 1937 82C5DCF4 4 Bytes [67, 0C, 5D, 8E]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AE42C000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AE42C123 629 Bytes [75, 42, AE, FE, 05, 34, 75, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 AE42C399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F AE42C3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B AE42C4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:18:42 on 12.01.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\tim\AppData\Local\Temp\catchme.sys (File not found) "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\windows\system32\nvshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon "CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "REGSHAVE" - "FUJI PHOTO FILM CO., LTD." - C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Canon Inkjet Printer/Scanner/Fax Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\windows\system32\nvvsvc.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-12 23:22:35
-----------------------------
23:22:35.847 OS Version: Windows 6.1.7601 Service Pack 1
23:22:35.847 Number of processors: 2 586 0x170A
23:22:35.863 ComputerName: TIM-PC UserName: tim
23:22:55.769 Initialize success
23:26:55.193 AVAST engine defs: 12011201
23:27:14.101 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:27:14.101 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 305245MB BusType: 3
23:27:14.116 Disk 0 MBR read successfully
23:27:14.116 Disk 0 MBR scan
23:27:14.132 Disk 0 unknown MBR code
23:27:14.132 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
23:27:14.147 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
23:27:14.163 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 144890 MB offset 31664128
23:27:14.194 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 144893 MB offset 328398848
23:27:14.194 Disk 0 scanning sectors +625139712
23:27:14.303 Disk 0 scanning C:\windows\system32\drivers
23:27:24.709 Service scanning
23:27:25.847 Modules scanning
23:27:34.443 Disk 0 trace - called modules:
23:27:34.474 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
23:27:34.490 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86954030]
23:27:34.490 3 CLASSPNP.SYS[8be0c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b66028]
23:27:36.050 AVAST engine scan C:\windows
23:27:37.064 File: C:\windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
23:27:38.624 AVAST engine scan C:\windows\system32
23:29:39.791 AVAST engine scan C:\windows\system32\drivers
23:29:49.619 AVAST engine scan C:\Users\tim
23:34:33.495 AVAST engine scan C:\ProgramData
23:35:30.466 Scan finished successfully
23:35:50.824 Disk 0 MBR has been saved successfully to "C:\Users\tim\Desktop\MBR.dat"
23:35:50.840 The log file has been saved successfully to "C:\Users\tim\Desktop\aswMBR.txt"
Geändert von waloya (12.01.2012 um 23:38 Uhr) |
|
| Themen zu Windows System aus Sicherheitsgründen blockiert... |
| administrator, anti-malware, appdata, autostart, blockiert, code, dateien, dateisystem, entfernen, eset, explorer, gelöscht, gen, heuristiks/extra, heuristiks/shuriken, logfile, malwarebytes, meldung, microsoft, problem, roaming, software, speicher, system, viren, virus, windows, windows system |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
