| |
| |||||||
Log-Analyse und Auswertung: Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
29.01.2012, 22:32
| #1 |
 |  Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Hallo zusammen, mein Laptop hat sich leider auch mit dem "Achtung ! Aus Sicherheitsgründen wurde ihr Windows-System blockiert..." Virus/Trojaner infiziert hat. Bitte helft mir!! Hab mich bereits hier durchgelesen und mit OTL den Scan durchgeführt, die Ergebnisse sind angehängt. Vielen Dank für Eure Hilfe! Gruß |
|
30.01.2012, 12:20
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Funktioniert noch der abgesicherte Modus mit Netzwerktreibern?
__________________Abgesicherter Modus zur Bereinigung
__________________ |
|
30.01.2012, 12:37
| #3 |
| | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Ja. Einwandfrei, im Internet im abgesicherten Modus mit Netzwerktreibern kommt der Trojaner auch nicht.
__________________ |
|
30.01.2012, 12:38
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
31.01.2012, 01:16
| #5 |
| | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! hi, malware: 2 funde, gelöscht eset: 10 threads found logs: 1) malware Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.30.03 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Fabian :: FMNOTEBOOK [limitiert] 30.01.2012 20:34:35 mbam-log-2012-01-30 (20-34-35).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 460421 Laufzeit: 1 Stunde(n), 42 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Babe\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Babe\AppData\Local\Temp\ikixzkz.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=73e912254b8a3c44ae81d96c47a26a98
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-30 11:48:44
# local_time=2012-01-31 12:48:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 9292493 9292493 0 0
# compatibility_mode=5892 16776573 100 100 11641 165492030 0 0
# compatibility_mode=8192 67108863 100 0 3704 3704 0 0
# scanned=269511
# found=10
# cleaned=10
# scan_time=8022
C:\Fabian_abMärz10\Programme\Photo Gadget\SoftonicDownloader36570.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Babe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZFPSDDJ\2ff1567f0587843c76a5a95368a8b311[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Babe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZKRCFDG\main[1] Win32/LockScreen.AHO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Babe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZKRCFDG\main[2] Win32/LockScreen.AHO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Babe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3JY9YB7\main[1] Win32/LockScreen.AHO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Babe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3JY9YB7\main[2] Win32/LockScreen.AHO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Babe\AppData\Local\Temp\jar_cache1883145802895450465.tmp J2ME/TrojanDownloader.Agent.AB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Babe\AppData\Local\Temp\jar_cache4022145860901874884.tmp J2ME/TrojanDownloader.Agent.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Babe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\4a46a674-123b60d0 Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Babe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\11068db9-5ba01543 Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
|
|
31.01.2012, 09:02
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Die Funde mit ESET sollten eigentlich nicht gleich sofort gelöscht werden! "Gehe sicher das bei Remove Found Threats kein Haken gesetzt ist." Aber gut. Läuft der normale Modus vorerst wieder?
__________________ --> Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! |
|
31.01.2012, 21:34
| #7 |
| | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Hi, momentan läuft der normale Modus wieder und ich bin glücklich falls das so bleibt. Gibts noch iwas zu tun? |
|
31.01.2012, 22:17
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.01.2012, 23:04
| #9 |
| | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.01.2012 22:28:11 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Babe\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,69% Memory free 2,93 Gb Paging File | 1,55 Gb Available in Paging File | 52,69% Paging File free Paging file location(s): c:\pagefile.sys 1024 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136,46 Gb Total Space | 15,91 Gb Free Space | 11,66% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,21 Gb Free Space | 52,10% Space Free | Partition Type: NTFS Computer Name: FMNOTEBOOK | User Name: Fabian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Babe\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Fabian_abJan10\Programme\TomTom\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\SafeConnect\scManager.sys (Impulse Point, LLC) PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.) PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.) PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Programme\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\SetPoint\SetPoint.exe (Logitech Inc.) PRC - C:\Programme\Common Files\Logitech\khalshared\KHALMNPR.exe (Logitech Inc.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - c:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Windows\System32\zshp1020.exe () PRC - C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll () MOD - C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll () MOD - C:\Windows\System32\bcmwlrmt.dll () MOD - C:\Windows\System32\btwhidcs.dll () MOD - C:\Fabian_abMärz10\Programme\Photo Gadget\ShellResize.dll () ========== Win32 Services (SafeList) ========== SRV - (ACDaemon) -- File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (TomTomHOMEService) -- C:\Fabian_abJan10\Programme\TomTom\TomTomHOMEService.exe (TomTom) SRV - (SCManager) -- C:\Program Files\SafeConnect\scManager.sys (Impulse Point, LLC) SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.) DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\InprocServer32 File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gesetze.juris.de/Teilliste_E.html|hxxp://www.google.de/search?q=bilanzberichtigung&ie=utf-8&oe=utf-8&aq=t&rls=de.web:de:official&client=firefox|hxxp://beck-online.beck.de/?bcid=Y-100-G-EStR|hxxp://www.abkuerzungen.de/result.php?searchterm=stub&language=de&style=standard&x=0&y=0|hxxp://juris.bundesfinanzhof.de/cgi-bin/rechtsprechung/document.py?Gericht=bfh&Art=pm&Datum=2010&nr=21496&linked=entsch" FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Fabian_abMai08\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.23 22:25:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.13 01:33:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.13 01:33:43 | 000,000,000 | ---D | M] [2010.01.30 17:29:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions [2010.01.30 17:29:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2009.03.29 19:22:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.07.14 20:53:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions [2009.08.21 17:52:01 | 000,000,000 | -H-D | M] (Winamp Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009.07.10 09:08:21 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.18 15:22:59 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.09 10:56:45 | 000,000,000 | -H-D | M] (softonic-de3 Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2009.03.09 19:45:42 | 000,000,000 | -H-D | M] (FoxClocks) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2011.07.14 20:54:39 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\toolbar@ask.com [2011.03.22 20:46:36 | 000,000,000 | -H-D | M] (WEB.DE Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\toolbar@web.de [2011.05.17 12:12:44 | 000,002,333 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\askcom.xml [2011.04.17 09:32:47 | 000,000,950 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin-1.xml [2008.07.04 22:32:38 | 000,000,950 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin-3.xml [2008.07.16 08:32:20 | 000,000,950 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin-4.xml [2009.07.13 16:12:02 | 000,000,944 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin.xml [2011.10.13 23:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.08.18 07:10:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.10.18 15:56:11 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2009.03.06 13:39:06 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2010.05.11 12:19:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.23 09:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.08 22:19:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.10 20:41:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.12 09:17:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.10.13 23:25:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} [2009.03.06 13:39:07 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com [2011.03.22 20:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2011.03.22 20:46:17 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de [2009.09.14 11:02:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2010.01.26 23:23:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.03.31 19:15:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.11 12:19:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.23 09:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.08 22:19:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.10 20:41:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.12 09:17:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.04.30 19:39:05 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.13 23:24:33 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009.10.23 14:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Reg Error: Value error.) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll File not found O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [OrderReminder] C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [conhost] C:\Users\Fabian\AppData\Roaming\Microsoft\conhost.exe File not found O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [Application Restart #0] C:\Windows\System32\conime.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Fabian_abAugust09\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Fabian_abAugust09\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90B76589-9A4F-449E-B415-3AD372EE9712}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D40413F7-9AC5-46FE-84B2-EDA3193D2645}: NameServer = 10.10.10.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: 13906258451053471646257583519029 - hkey= - key= - File not found MsConfig - StartUpReg: DELL Webcam Manager - hkey= - key= - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Fabian_abMai08\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: oovoo.exe - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Fabian_abJan10\Programme\TomTom\TomTomHOMERunner.exe (TomTom) MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 MsConfig - State: "services" - 0 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.31 01:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.31 01:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.30 22:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.01.28 21:13:33 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\PokerStars [2012.01.28 21:13:27 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars [2012.01.28 21:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars [2012.01.25 12:10:26 | 000,000,000 | ---D | C] -- C:\Fabian_abOktober10 [2012.01.23 19:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.23 19:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.23 19:39:26 | 000,000,000 | ---D | C] -- C:\Fabian_abMai08 [2012.01.23 19:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.01.04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl ========== Files - Modified Within 30 Days ========== [2012.01.31 22:09:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.31 21:30:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001UA.job [2012.01.31 21:21:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.31 21:20:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.31 21:20:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.31 21:20:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.31 21:19:58 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys [2012.01.31 14:27:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.01.31 12:42:33 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.31 12:42:33 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.31 12:42:33 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.31 12:42:32 | 000,128,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.30 22:19:48 | 000,002,520 | ---- | M] () -- C:\Users\Fabian\Desktop\malware log [2012.01.29 19:50:33 | 000,271,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.01.29 03:30:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001Core.job [2012.01.28 21:13:28 | 000,000,860 | ---- | M] () -- C:\Users\Fabian\Desktop\PokerStars.lnk [2012.01.25 16:18:51 | 000,001,193 | ---- | M] () -- C:\Users\Fabian\Desktop\Free YouTube to MP3 Converter.lnk [2012.01.23 22:25:22 | 000,001,397 | ---- | M] () -- C:\Users\Fabian\Desktop\DivX Movies.lnk [2012.01.04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl ========== Files Created - No Company Name ========== [2012.01.31 12:33:54 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys [2012.01.30 22:19:48 | 000,002,520 | ---- | C] () -- C:\Users\Fabian\Desktop\malware log [2012.01.28 21:13:28 | 000,000,860 | ---- | C] () -- C:\Users\Fabian\Desktop\PokerStars.lnk [2012.01.25 16:18:51 | 000,001,193 | ---- | C] () -- C:\Users\Fabian\Desktop\Free YouTube to MP3 Converter.lnk [2011.03.06 16:40:14 | 000,003,793 | -H-- | C] () -- C:\Users\Fabian\AppData\Roaming\BDA8.402 [2011.01.15 16:04:16 | 000,000,485 | ---- | C] () -- C:\Windows\eReg.dat [2010.09.10 09:14:02 | 000,000,680 | -H-- | C] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat [2010.01.17 12:17:17 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2009.10.21 11:49:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.21 11:49:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.06.10 12:36:43 | 002,157,568 | ---- | C] () -- C:\Windows\System32\pdfutil.dll [2009.05.01 12:58:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\_pdfxp.dll [2009.05.01 12:40:33 | 000,000,075 | ---- | C] () -- C:\Windows\iltwain.ini [2009.04.30 10:28:25 | 000,001,024 | -H-- | C] () -- C:\ProgramData\1pdfmer.dll [2009.04.30 10:27:36 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini [2009.04.30 10:00:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.04.30 10:00:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2009.04.01 10:10:25 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth2.dll [2009.04.01 10:10:25 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth1.dll [2009.04.01 10:10:25 | 000,000,100 | -H-- | C] () -- C:\Windows\System32\prsgrc.dll [2009.04.01 10:04:27 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2009.04.01 10:04:26 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2009.03.06 13:38:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2008.11.12 22:12:13 | 000,001,024 | -H-- | C] () -- C:\ProgramData\pdfxls2.dll [2008.10.12 11:26:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.11 19:26:51 | 000,000,136 | -H-- | C] () -- C:\Users\Fabian\AppData\Roaming\lakerda1967.sys [2008.09.11 19:26:27 | 000,010,568 | -H-- | C] () -- C:\Users\Fabian\AppData\Roaming\docXConverter (3).ini [2008.08.08 13:05:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.08.03 13:42:01 | 000,397,312 | R--- | C] () -- C:\Windows\System32\zshp1020.exe [2008.08.03 13:42:01 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1020.dll [2008.07.24 22:25:20 | 000,000,552 | -H-- | C] () -- C:\Users\Fabian\AppData\Local\d3d8caps.dat [2008.07.24 11:36:30 | 000,001,024 | -H-- | C] () -- C:\ProgramData\imgdoc2.dll [2008.07.24 11:26:08 | 000,000,224 | -H-- | C] () -- C:\Users\Fabian\AppData\Roaming\APUSet.xml [2008.07.24 11:26:07 | 000,006,774 | -H-- | C] () -- C:\Users\Fabian\AppData\Roaming\PrimoPDFSet.xml [2008.07.24 11:21:49 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll [2008.07.07 20:14:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll [2008.07.07 20:14:25 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psconv.ini [2008.05.10 14:36:48 | 000,039,424 | -H-- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.10 10:27:00 | 000,036,864 | R--- | C] () -- C:\Windows\System32\ctrldll.dll [2008.05.10 10:27:00 | 000,032,768 | R--- | C] () -- C:\Windows\System32\rmctrl.exe [2008.05.09 16:56:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.04.28 18:13:33 | 000,000,318 | ---- | C] () -- C:\Windows\primopdf.ini [2008.04.26 23:05:52 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2008.04.26 23:05:51 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008.04.26 23:05:51 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008.04.26 23:05:51 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008.04.26 23:05:51 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2008.04.26 23:05:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.04.26 15:35:27 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2008.04.26 15:35:26 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2008.04.26 15:29:37 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin [2008.04.26 15:13:48 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.11.15 19:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 16:33:31 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,128,796 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,271,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,600,138 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2009.10.18 16:09:15 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Academic Software Zurich [2009.07.08 18:55:21 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Canon [2010.09.27 15:49:39 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Dropbox [2011.08.08 13:21:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoft [2011.07.14 21:03:19 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers [2008.07.04 19:48:27 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ [2008.05.10 09:45:41 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ Toolbar [2009.08.23 06:27:56 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\ooVoo Details [2009.08.23 06:21:59 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\tmp [2010.01.30 17:29:54 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\TomTom [2012.01.29 03:30:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001Core.job [2012.01.31 21:30:02 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001UA.job [2012.01.31 14:28:00 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2009.04.01 10:09:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\Application Data\SPSS < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.10.18 16:09:15 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Academic Software Zurich [2008.06.16 20:46:07 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Adobe [2010.07.09 12:29:17 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Apple Computer [2010.09.12 20:07:51 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\ArcSoft [2009.07.08 18:55:21 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Canon [2008.05.10 16:12:50 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Creative [2008.09.08 09:54:37 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\CyberLink [2010.11.08 20:33:39 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\DivX [2010.09.27 15:49:39 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Dropbox [2011.08.08 13:21:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoft [2011.07.14 21:03:19 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers [2008.07.04 19:48:27 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ [2008.05.10 09:45:41 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ Toolbar [2008.05.09 15:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Identities [2008.05.09 15:40:46 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Logitech [2008.05.09 19:46:22 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Macromedia [2011.12.02 21:01:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Media Center Programs [2011.03.07 18:03:27 | 000,000,000 | --SD | M] -- C:\Users\Fabian\AppData\Roaming\Microsoft [2008.08.31 13:55:31 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Mozilla [2009.08.23 06:27:56 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\ooVoo Details [2009.08.23 06:21:59 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Reallusion [2008.05.10 17:26:01 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Roxio [2011.05.15 17:40:43 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Skype [2011.04.03 15:02:15 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\skypePM [2009.08.23 06:21:59 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\tmp [2010.01.30 17:29:54 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\TomTom [2008.05.15 22:30:33 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\vlc [2008.05.10 16:32:38 | 000,000,000 | -H-D | M] -- C:\Users\Fabian\AppData\Roaming\Winamp < %APPDATA%\*.exe /s > [2010.02.26 06:10:20 | 021,979,992 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010.05.25 15:06:28 | 000,089,831 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Uninstall.exe [2009.07.25 20:07:39 | 001,878,984 | -H-- | M] (Adobe Systems Incorporated) -- C:\Users\Fabian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2008.05.10 16:01:24 | 000,010,134 | RH-- | M] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe [2008.05.10 16:01:01 | 000,010,134 | RH-- | M] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Installer\{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.04.26 22:42:58 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys [2008.04.26 22:42:58 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2008.04.26 22:42:58 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2008.04.26 22:42:57 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2008.04.26 22:43:49 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_e6b2949c\atapi.sys [2008.04.26 22:43:49 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20544_none_dbb443eb3d9db847\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.04.26 22:43:35 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2008.04.26 23:05:13 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys [2008.04.26 23:05:13 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys [2008.04.26 23:05:13 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys [2008.04.26 23:05:13 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys [2008.04.26 22:42:55 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys [2008.04.26 22:42:55 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys [2008.04.26 22:43:35 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2008.04.26 22:43:35 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys [2008.04.26 22:58:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.04.26 22:58:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.04.26 22:58:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.04.26 22:58:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2007.09.06 17:43:26 | 000,304,920 | -H-- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys [2007.03.21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.09.06 17:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys [2007.09.06 17:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys [2007.09.06 17:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys [2007.03.21 12:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.04.26 22:56:46 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2008.04.26 22:56:46 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2007.12.12 08:02:48 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\bcmwlrmt.dll < End of report > |
|
01.02.2012, 11:07
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=1586&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\InprocServer32 File not found
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gesetze.juris.de/Teilliste_E.html|http://www.google.de/search?q=bilanzberichtigung&ie=utf-8&oe=utf-8&aq=t&rls=de.web:de:official&client=firefox|http://beck-online.beck.de/?bcid=Y-100-G-EStR|http://www.abkuerzungen.de/result.php?searchterm=stub&language=de&style=standard&x=0&y=0|http://juris.bundesfinanzhof.de/cgi-bin/rechtsprechung/document.py?Gericht=bfh&Art=pm&Datum=2010&nr=21496&linked=entsch"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="
[2009.08.21 17:52:01 | 000,000,000 | -H-D | M] (Winamp Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.07.10 09:08:21 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.09 10:56:45 | 000,000,000 | -H-D | M] (softonic-de3 Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.07.14 20:54:39 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\toolbar@ask.com
[2011.03.22 20:46:36 | 000,000,000 | -H-D | M] (WEB.DE Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\toolbar@web.de
[2011.05.17 12:12:44 | 000,002,333 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\askcom.xml
[2011.04.17 09:32:47 | 000,000,950 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin-1.xml
[2008.07.04 22:32:38 | 000,000,950 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin-3.xml
[2008.07.16 08:32:20 | 000,000,950 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin-4.xml
[2009.07.13 16:12:02 | 000,000,944 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin.xml
[2009.08.18 07:10:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.03.06 13:39:06 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.03.06 13:39:07 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2011.03.22 20:46:17 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Reg Error: Value error.) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll File not found
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\Fabian\AppData\Roaming\ICQ Toolbar
C:\Users\Fabian\AppData\Roaming\BDA8.402
C:\Programme\Winamp Toolbar
C:\Programme\Ask.com
C:\Programme\softonic-de3
C:\Programme\pdfforge Toolbar
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.02.2012, 19:35
| #11 |
| | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Hallo, also es ist folgendes passiert: Ich hab alle programme geschlossen, antivir ließ ich iwie nicht deaktivieren hab dann die windows-firewall ausgeschaltet hoffe das war ok. dann otl-fix gestartet. er war schon recht weit auf einmal kommt die fehlermeldung 'OTL wird aufgrund eines Fehlers geschlossen...' und jetzt bin ich im normalen Modus, anscheinend funktioniert soweit alles (z.B. Internet). Ich finde aber nirgendwo keine OTL-Log-Datei vom Fix und weiß nicht ob das funktioniert hat/etwas beschädigt hat etc. Was nun? |
|
02.02.2012, 23:36
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Probier den Fix bitte nochmal im abgesicherten Modus aus
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.02.2012, 14:13
| #13 |
| | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt!Code:
ATTFilter All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\prxtbsof0.dll not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\prxtbsof0.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.gesetze.juris.de/Teilliste_E.html|hxxp://www.google.de/search?q=bilanzberichtigung&ie=utf-8&oe=utf-8&aq=t&rls=de.web:de:official&client=firefox|hxxp://beck-online.beck.de/?bcid=Y-100-G-EStR|hxxp://www.abkuerzungen.de/result.php?searchterm=stub&language=de&style=standard&x=0&y=0|hxxp://juris.bundesfinanzhof.de/cgi-bin/rechtsprechung/document.py?Gericht=bfh&Art=pm&Datum=2010&nr=21496&linked=entsch" removed from browser.startup.homepage
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" removed from keyword.URL
Folder C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\ not found.
Folder C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Folder C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\toolbar@ask.com\ not found.
Folder C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\toolbar@web.de\ not found.
File C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\askcom.xml not found.
File C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\searchplugins\icqplugin.xml not found.
Folder C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Folder C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\ not found.
Folder C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ not found.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.
File C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
File C:\Programme\Dell\BAE\BAE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\prxtbsof0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\prxtbsof0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ not found.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\prxtbsof0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files\Ask.com\Updater\Updater.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
========== FILES ==========
File\Folder C:\Users\Fabian\AppData\Roaming\ICQ Toolbar not found.
File\Folder C:\Users\Fabian\AppData\Roaming\BDA8.402 not found.
File\Folder C:\Programme\Winamp Toolbar not found.
File\Folder C:\Programme\Ask.com not found.
File\Folder C:\Programme\softonic-de3 not found.
File\Folder C:\Programme\pdfforge Toolbar not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Babe
->Temp folder emptied: 22430 bytes
->Temporary Internet Files folder emptied: 776840 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 69899284 bytes
->Flash cache emptied: 1014 bytes
User: Babe 2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Fabian
->Temp folder emptied: 430527000 bytes
->Temporary Internet Files folder emptied: 223952435 bytes
->Java cache emptied: 50703407 bytes
->FireFox cache emptied: 62997041 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 2156296 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 431695583 bytes
RecycleBin emptied: 90920967 bytes
Total Files Cleaned = 1.300,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 02032012_134613
Files\Folders moved on Reboot...
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
|
03.02.2012, 14:56
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.02.2012, 15:35
| #15 |
| | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! 1 threat found, hier das log: Code:
ATTFilter 15:27:59.0654 5224 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
15:27:59.0825 5224 ============================================================
15:27:59.0825 5224 Current date / time: 2012/02/03 15:27:59.0825
15:27:59.0825 5224 SystemInfo:
15:27:59.0825 5224
15:27:59.0826 5224 OS Version: 6.0.6002 ServicePack: 2.0
15:27:59.0826 5224 Product type: Workstation
15:27:59.0826 5224 ComputerName: FMNOTEBOOK
15:27:59.0827 5224 UserName: Fabian
15:27:59.0827 5224 Windows directory: C:\Windows
15:27:59.0827 5224 System windows directory: C:\Windows
15:27:59.0827 5224 Processor architecture: Intel x86
15:27:59.0827 5224 Number of processors: 2
15:27:59.0827 5224 Page size: 0x1000
15:27:59.0827 5224 Boot type: Normal boot
15:27:59.0827 5224 ============================================================
15:28:01.0130 5224 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:28:01.0134 5224 \Device\Harddisk0\DR0:
15:28:01.0153 5224 MBR used
15:28:01.0153 5224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
15:28:01.0153 5224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x110E97F8
15:28:01.0346 5224 Initialize success
15:28:01.0346 5224 ============================================================
15:28:40.0967 5756 ============================================================
15:28:40.0968 5756 Scan started
15:28:40.0968 5756 Mode: Manual; SigCheck; TDLFS;
15:28:40.0968 5756 ============================================================
15:28:41.0724 5756 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:28:42.0017 5756 ACPI - ok
15:28:42.0163 5756 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:28:42.0343 5756 adp94xx - ok
15:28:42.0489 5756 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:28:42.0569 5756 adpahci - ok
15:28:42.0647 5756 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:28:42.0688 5756 adpu160m - ok
15:28:42.0801 5756 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:28:42.0843 5756 adpu320 - ok
15:28:43.0075 5756 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
15:28:44.0029 5756 Afc - ok
15:28:44.0221 5756 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:28:44.0396 5756 AFD - ok
15:28:44.0559 5756 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
15:28:44.0635 5756 agp440 - ok
15:28:44.0701 5756 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:28:44.0738 5756 aic78xx - ok
15:28:44.0792 5756 aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
15:28:44.0829 5756 aliide - ok
15:28:44.0972 5756 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
15:28:45.0047 5756 amdagp - ok
15:28:45.0097 5756 amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
15:28:45.0153 5756 amdide - ok
15:28:45.0204 5756 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:28:45.0526 5756 AmdK7 - ok
15:28:45.0660 5756 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
15:28:45.0871 5756 AmdK8 - ok
15:28:46.0054 5756 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
15:28:46.0175 5756 ApfiltrService - ok
15:28:46.0353 5756 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:28:46.0392 5756 arc - ok
15:28:46.0451 5756 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:28:46.0489 5756 arcsas - ok
15:28:46.0664 5756 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:28:46.0894 5756 AsyncMac - ok
15:28:47.0023 5756 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:28:47.0060 5756 atapi - ok
15:28:47.0170 5756 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
15:28:47.0230 5756 avgntflt - ok
15:28:47.0410 5756 avipbb (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
15:28:47.0478 5756 avipbb - ok
15:28:47.0557 5756 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
15:28:47.0590 5756 avkmgr - ok
15:28:47.0678 5756 BCM42RLY - ok
15:28:47.0852 5756 BCM43XX (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:28:47.0997 5756 BCM43XX - ok
15:28:48.0167 5756 blbdrive - ok
15:28:48.0288 5756 BlueletAudio (852a1bd08e7dfeb9e30b5440881c0501) C:\Windows\system32\DRIVERS\blueletaudio.sys
15:28:48.0350 5756 BlueletAudio - ok
15:28:48.0398 5756 BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b) C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
15:28:48.0461 5756 BlueletSCOAudio - ok
15:28:48.0667 5756 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:28:48.0762 5756 bowser - ok
15:28:48.0830 5756 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:28:48.0980 5756 BrFiltLo - ok
15:28:49.0123 5756 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:28:49.0240 5756 BrFiltUp - ok
15:28:49.0311 5756 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:28:49.0448 5756 Brserid - ok
15:28:49.0546 5756 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:28:49.0719 5756 BrSerWdm - ok
15:28:49.0813 5756 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:28:49.0959 5756 BrUsbMdm - ok
15:28:50.0052 5756 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:28:50.0226 5756 BrUsbSer - ok
15:28:50.0349 5756 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\Windows\system32\DRIVERS\btnetdrv.sys
15:28:50.0401 5756 BT - ok
15:28:50.0547 5756 Btcsrusb (da473d279420234170da795f1cad4479) C:\Windows\system32\Drivers\btcusb.sys
15:28:50.0578 5756 Btcsrusb - ok
15:28:50.0693 5756 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
15:28:50.0806 5756 BthEnum - ok
15:28:50.0932 5756 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\Windows\system32\Drivers\vbtenum.sys
15:28:51.0020 5756 BTHidEnum - ok
15:28:51.0191 5756 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\Windows\system32\Drivers\BTHidMgr.sys
15:28:51.0238 5756 BTHidMgr - ok
15:28:51.0366 5756 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:28:51.0525 5756 BTHMODEM - ok
15:28:51.0689 5756 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
15:28:51.0813 5756 BthPan - ok
15:28:51.0950 5756 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
15:28:52.0060 5756 BTHPORT - ok
15:28:52.0326 5756 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
15:28:52.0413 5756 BTHUSB - ok
15:28:52.0555 5756 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
15:28:52.0602 5756 btwaudio - ok
15:28:52.0675 5756 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
15:28:52.0712 5756 btwavdt - ok
15:28:52.0833 5756 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
15:28:52.0865 5756 btwrchid - ok
15:28:53.0055 5756 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:28:53.0224 5756 cdfs - ok
15:28:53.0426 5756 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:28:53.0535 5756 cdrom - ok
15:28:53.0714 5756 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:28:53.0942 5756 circlass - ok
15:28:54.0253 5756 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:28:54.0335 5756 CLFS - ok
15:28:54.0619 5756 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:28:54.0738 5756 CmBatt - ok
15:28:54.0869 5756 cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
15:28:54.0903 5756 cmdide - ok
15:28:55.0266 5756 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:28:55.0302 5756 Compbatt - ok
15:28:55.0412 5756 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:28:55.0447 5756 crcdisk - ok
15:28:55.0625 5756 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:28:55.0817 5756 Crusoe - ok
15:28:56.0029 5756 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:28:56.0126 5756 DfsC - ok
15:28:56.0327 5756 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:28:56.0398 5756 disk - ok
15:28:56.0582 5756 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:28:56.0703 5756 drmkaud - ok
15:28:56.0788 5756 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:28:56.0854 5756 DXGKrnl - ok
15:28:57.0054 5756 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
15:28:57.0244 5756 e1express - ok
15:28:57.0376 5756 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:28:57.0519 5756 E1G60 - ok
15:28:57.0683 5756 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:28:57.0737 5756 Ecache - ok
15:28:57.0885 5756 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:28:57.0936 5756 elxstor - ok
15:28:58.0123 5756 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:28:58.0254 5756 exfat - ok
15:28:58.0418 5756 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:28:58.0513 5756 fastfat - ok
15:28:58.0656 5756 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:28:58.0839 5756 fdc - ok
15:28:58.0976 5756 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:28:59.0046 5756 FileInfo - ok
15:28:59.0153 5756 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:28:59.0258 5756 Filetrace - ok
15:28:59.0375 5756 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:28:59.0576 5756 flpydisk - ok
15:28:59.0663 5756 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:28:59.0716 5756 FltMgr - ok
15:28:59.0884 5756 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:28:59.0974 5756 Fs_Rec - ok
15:29:00.0040 5756 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:29:00.0115 5756 gagp30kx - ok
15:29:00.0250 5756 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
15:29:00.0278 5756 GEARAspiWDM - ok
15:29:00.0436 5756 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:29:00.0587 5756 HDAudBus - ok
15:29:00.0731 5756 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:29:00.0877 5756 HidBth - ok
15:29:00.0936 5756 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:29:01.0095 5756 HidIr - ok
15:29:01.0270 5756 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:29:01.0397 5756 HidUsb - ok
15:29:01.0487 5756 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:29:01.0551 5756 HpCISSs - ok
15:29:01.0730 5756 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:29:01.0988 5756 HSF_DPV - ok
15:29:02.0120 5756 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:29:02.0247 5756 HSXHWAZL - ok
15:29:02.0451 5756 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:29:02.0685 5756 HTTP - ok
15:29:02.0821 5756 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:29:02.0878 5756 i2omp - ok
15:29:03.0002 5756 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:29:03.0128 5756 i8042prt - ok
15:29:03.0260 5756 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
15:29:03.0291 5756 iaStor - ok
15:29:03.0408 5756 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:29:03.0456 5756 iaStorV - ok
15:29:03.0708 5756 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:29:03.0887 5756 igfx - ok
15:29:03.0998 5756 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:29:04.0017 5756 iirsp - ok
15:29:04.0140 5756 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
15:29:04.0245 5756 IntcHdmiAddService - ok
15:29:04.0369 5756 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys
15:29:04.0403 5756 intelide - ok
15:29:04.0469 5756 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:29:04.0572 5756 intelppm - ok
15:29:04.0678 5756 IpInIp - ok
15:29:04.0777 5756 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:29:04.0930 5756 IPMIDRV - ok
15:29:05.0012 5756 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:29:05.0123 5756 IPNAT - ok
15:29:05.0284 5756 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:29:05.0390 5756 IRENUM - ok
15:29:05.0427 5756 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
15:29:05.0464 5756 isapnp - ok
15:29:05.0598 5756 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:29:05.0635 5756 iScsiPrt - ok
15:29:05.0697 5756 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:29:05.0731 5756 iteatapi - ok
15:29:05.0834 5756 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:29:05.0919 5756 iteraid - ok
15:29:05.0977 5756 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:29:06.0013 5756 kbdclass - ok
15:29:06.0109 5756 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:29:06.0197 5756 kbdhid - ok
15:29:06.0341 5756 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:29:06.0419 5756 KSecDD - ok
15:29:06.0522 5756 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:29:06.0653 5756 lltdio - ok
15:29:06.0798 5756 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:29:06.0854 5756 LSI_FC - ok
15:29:06.0910 5756 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:29:06.0946 5756 LSI_SAS - ok
15:29:06.0985 5756 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:29:07.0040 5756 LSI_SCSI - ok
15:29:07.0190 5756 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:29:07.0289 5756 luafv - ok
15:29:07.0357 5756 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:29:07.0441 5756 mdmxsdk - ok
15:29:07.0602 5756 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:29:07.0637 5756 megasas - ok
15:29:07.0740 5756 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:29:07.0827 5756 Modem - ok
15:29:07.0955 5756 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:29:08.0021 5756 monitor - ok
15:29:08.0113 5756 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:29:08.0165 5756 mouclass - ok
15:29:08.0305 5756 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:29:08.0372 5756 mouhid - ok
15:29:08.0469 5756 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:29:08.0555 5756 MountMgr - ok
15:29:08.0666 5756 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:29:08.0746 5756 mpio - ok
15:29:08.0862 5756 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:29:08.0960 5756 mpsdrv - ok
15:29:09.0097 5756 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:29:09.0167 5756 Mraid35x - ok
15:29:09.0286 5756 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:29:09.0408 5756 MRxDAV - ok
15:29:09.0574 5756 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:29:09.0693 5756 mrxsmb - ok
15:29:09.0845 5756 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:29:09.0926 5756 mrxsmb10 - ok
15:29:10.0012 5756 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:29:10.0056 5756 mrxsmb20 - ok
15:29:10.0170 5756 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
15:29:10.0205 5756 msahci - ok
15:29:10.0262 5756 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:29:10.0330 5756 msdsm - ok
15:29:10.0530 5756 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:29:10.0630 5756 Msfs - ok
15:29:10.0739 5756 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:29:10.0772 5756 msisadrv - ok
15:29:10.0932 5756 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:29:11.0038 5756 MSKSSRV - ok
15:29:11.0106 5756 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:29:11.0174 5756 MSPCLOCK - ok
15:29:11.0353 5756 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:29:11.0468 5756 MSPQM - ok
15:29:11.0531 5756 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:29:11.0619 5756 MsRPC - ok
15:29:11.0772 5756 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:29:11.0798 5756 mssmbios - ok
15:29:11.0871 5756 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:29:11.0982 5756 MSTEE - ok
15:29:12.0141 5756 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:29:12.0183 5756 Mup - ok
15:29:12.0289 5756 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:29:12.0373 5756 NativeWifiP - ok
15:29:12.0536 5756 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:29:12.0633 5756 NDIS - ok
15:29:12.0797 5756 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:29:12.0885 5756 NdisTapi - ok
15:29:12.0969 5756 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:29:13.0065 5756 Ndisuio - ok
15:29:13.0199 5756 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:29:13.0337 5756 NdisWan - ok
15:29:13.0410 5756 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:29:13.0529 5756 NDProxy - ok
15:29:13.0676 5756 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:29:13.0798 5756 NetBIOS - ok
15:29:13.0909 5756 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:29:14.0036 5756 netbt - ok
15:29:14.0196 5756 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:29:14.0232 5756 nfrd960 - ok
15:29:14.0321 5756 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:29:14.0427 5756 Npfs - ok
15:29:14.0563 5756 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:29:14.0671 5756 nsiproxy - ok
15:29:14.0795 5756 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:29:14.0934 5756 Ntfs - ok
15:29:15.0082 5756 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:29:15.0236 5756 ntrigdigi - ok
15:29:15.0300 5756 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:29:15.0367 5756 Null - ok
15:29:15.0489 5756 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:29:15.0556 5756 nvraid - ok
15:29:15.0609 5756 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:29:15.0644 5756 nvstor - ok
15:29:15.0687 5756 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
15:29:15.0728 5756 nv_agp - ok
15:29:15.0831 5756 NwlnkFlt - ok
15:29:15.0912 5756 NwlnkFwd - ok
15:29:16.0068 5756 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
15:29:16.0166 5756 OEM02Dev - ok
15:29:16.0278 5756 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
15:29:16.0331 5756 OEM02Vfx - ok
15:29:16.0435 5756 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
15:29:16.0503 5756 ohci1394 - ok
15:29:16.0667 5756 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:29:16.0788 5756 Parport - ok
15:29:16.0871 5756 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:29:16.0912 5756 partmgr - ok
15:29:17.0049 5756 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:29:17.0231 5756 Parvdm - ok
15:29:17.0377 5756 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:29:17.0443 5756 pci - ok
15:29:17.0510 5756 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
15:29:17.0581 5756 pciide - ok
15:29:17.0713 5756 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:29:17.0784 5756 pcmcia - ok
15:29:17.0874 5756 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:29:18.0155 5756 PEAUTH - ok
15:29:18.0379 5756 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:29:18.0509 5756 PptpMiniport - ok
15:29:18.0586 5756 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:29:18.0729 5756 Processor - ok
15:29:18.0888 5756 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:29:18.0966 5756 PSched - ok
15:29:19.0069 5756 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
15:29:19.0105 5756 PxHelp20 - ok
15:29:19.0292 5756 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:29:19.0384 5756 ql2300 - ok
15:29:19.0559 5756 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:29:19.0637 5756 ql40xx - ok
15:29:19.0744 5756 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:29:19.0853 5756 QWAVEdrv - ok
15:29:20.0076 5756 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
15:29:20.0448 5756 R300 - ok
15:29:20.0595 5756 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:29:20.0685 5756 RasAcd - ok
15:29:20.0788 5756 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:29:20.0944 5756 Rasl2tp - ok
15:29:21.0093 5756 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:29:21.0187 5756 RasPppoe - ok
15:29:21.0313 5756 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:29:21.0430 5756 RasSstp - ok
15:29:21.0592 5756 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:29:21.0697 5756 rdbss - ok
15:29:21.0825 5756 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:29:21.0917 5756 RDPCDD - ok
15:29:22.0063 5756 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
15:29:22.0160 5756 rdpdr - ok
15:29:22.0292 5756 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:29:22.0397 5756 RDPENCDD - ok
15:29:22.0562 5756 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:29:22.0705 5756 RDPWD - ok
15:29:22.0914 5756 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
15:29:23.0040 5756 RFCOMM - ok
15:29:23.0183 5756 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
15:29:23.0284 5756 rimmptsk - ok
15:29:23.0441 5756 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
15:29:23.0543 5756 rimsptsk - ok
15:29:23.0606 5756 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
15:29:23.0702 5756 rismxdp - ok
15:29:23.0855 5756 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
15:29:23.0945 5756 ROOTMODEM - ok
15:29:24.0056 5756 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:29:24.0181 5756 rspndr - ok
15:29:24.0318 5756 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:29:24.0357 5756 sbp2port - ok
15:29:24.0520 5756 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
15:29:24.0608 5756 sdbus - ok
15:29:24.0737 5756 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:29:24.0888 5756 secdrv - ok
15:29:24.0993 5756 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
15:29:25.0122 5756 Serenum - ok
15:29:25.0187 5756 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:29:25.0328 5756 Serial - ok
15:29:25.0504 5756 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:29:25.0573 5756 sermouse - ok
15:29:25.0662 5756 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
15:29:25.0783 5756 sffdisk - ok
15:29:25.0905 5756 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
15:29:26.0012 5756 sffp_mmc - ok
15:29:26.0103 5756 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:29:26.0192 5756 sffp_sd - ok
15:29:26.0315 5756 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:29:26.0464 5756 sfloppy - ok
15:29:26.0533 5756 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
15:29:26.0596 5756 sisagp - ok
15:29:26.0742 5756 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
15:29:26.0777 5756 SiSRaid2 - ok
15:29:26.0821 5756 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
15:29:26.0888 5756 SiSRaid4 - ok
15:29:27.0054 5756 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:29:27.0170 5756 Smb - ok
15:29:27.0515 5756 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:29:27.0571 5756 spldr - ok
15:29:27.0904 5756 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:29:28.0028 5756 srv - ok
15:29:28.0286 5756 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:29:28.0458 5756 srv2 - ok
15:29:28.0637 5756 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:29:28.0736 5756 srvnet - ok
15:29:29.0049 5756 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:29:29.0123 5756 ssmdrv - ok
15:29:29.0506 5756 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
15:29:29.0733 5756 STHDA - ok
15:29:29.0910 5756 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:29:29.0971 5756 swenum - ok
15:29:30.0089 5756 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:29:30.0147 5756 Symc8xx - ok
15:29:30.0185 5756 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:29:30.0204 5756 Sym_hi - ok
15:29:30.0248 5756 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:29:30.0366 5756 Sym_u3 - ok
15:29:30.0928 5756 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:29:31.0131 5756 Tcpip - ok
15:29:31.0335 5756 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:29:31.0483 5756 Tcpip6 - ok
15:29:31.0691 5756 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:29:31.0813 5756 tcpipreg - ok
15:29:32.0000 5756 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:29:32.0065 5756 TDPIPE - ok
15:29:32.0121 5756 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:29:32.0303 5756 TDTCP - ok
15:29:32.0644 5756 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:29:32.0742 5756 tdx - ok
15:29:32.0950 5756 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:29:33.0007 5756 TermDD - ok
15:29:33.0206 5756 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:29:33.0294 5756 tssecsrv - ok
15:29:33.0377 5756 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:29:33.0533 5756 tunmp - ok
15:29:33.0693 5756 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:29:33.0764 5756 tunnel - ok
15:29:33.0883 5756 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
15:29:33.0904 5756 uagp35 - ok
15:29:34.0052 5756 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:29:34.0092 5756 udfs - ok
15:29:34.0176 5756 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
15:29:34.0197 5756 uliagpkx - ok
15:29:34.0261 5756 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
15:29:34.0287 5756 uliahci - ok
15:29:34.0443 5756 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:29:34.0485 5756 UlSata - ok
15:29:34.0574 5756 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:29:34.0617 5756 ulsata2 - ok
15:29:34.0729 5756 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:29:34.0801 5756 umbus - ok
15:29:34.0945 5756 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:29:35.0026 5756 usbccgp - ok
15:29:35.0158 5756 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:29:35.0274 5756 usbcir - ok
15:29:35.0438 5756 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:29:35.0499 5756 usbehci - ok
15:29:35.0572 5756 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:29:35.0648 5756 usbhub - ok
15:29:35.0750 5756 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:29:35.0926 5756 usbohci - ok
15:29:36.0074 5756 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:29:36.0190 5756 usbprint - ok
15:29:36.0350 5756 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:29:36.0442 5756 usbscan - ok
15:29:36.0487 5756 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:29:36.0547 5756 USBSTOR - ok
15:29:36.0682 5756 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:29:36.0777 5756 usbuhci - ok
15:29:36.0926 5756 VComm (51750b0539986186c6931fc40d171521) C:\Windows\system32\DRIVERS\VComm.sys
15:29:36.0987 5756 VComm - ok
15:29:37.0069 5756 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\Windows\system32\Drivers\VcommMgr.sys
15:29:37.0100 5756 VcommMgr - ok
15:29:37.0238 5756 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
15:29:37.0391 5756 vga - ok
15:29:37.0448 5756 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:29:37.0569 5756 VgaSave - ok
15:29:37.0686 5756 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
15:29:37.0764 5756 viaagp - ok
15:29:37.0813 5756 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
15:29:37.0960 5756 ViaC7 - ok
15:29:38.0081 5756 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
15:29:38.0116 5756 viaide - ok
15:29:38.0180 5756 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:29:38.0240 5756 volmgr - ok
15:29:38.0331 5756 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:29:38.0392 5756 volmgrx - ok
15:29:38.0553 5756 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
15:29:38.0576 5756 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
15:29:38.0578 5756 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
15:29:38.0578 5756 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
15:29:38.0672 5756 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\Windows\system32\DRIVERS\vpnva.sys
15:29:38.0704 5756 vpnva - ok
15:29:38.0819 5756 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
15:29:38.0877 5756 vsmraid - ok
15:29:38.0939 5756 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:29:39.0101 5756 WacomPen - ok
15:29:39.0251 5756 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:29:39.0333 5756 Wanarp - ok
15:29:39.0343 5756 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:29:39.0393 5756 Wanarpv6 - ok
15:29:39.0482 5756 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
15:29:39.0516 5756 Wd - ok
15:29:39.0681 5756 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:29:39.0793 5756 Wdf01000 - ok
15:29:39.0925 5756 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:29:40.0108 5756 winachsf - ok
15:29:40.0310 5756 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:29:40.0391 5756 WmiAcpi - ok
15:29:40.0528 5756 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:29:40.0643 5756 WpdUsb - ok
15:29:40.0964 5756 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:29:41.0060 5756 ws2ifsl - ok
15:29:41.0162 5756 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:29:41.0238 5756 WUDFRd - ok
15:29:41.0293 5756 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
15:29:41.0340 5756 XAudio - ok
15:29:41.0499 5756 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
15:29:41.0600 5756 yukonwlh - ok
15:29:41.0720 5756 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:29:41.0930 5756 \Device\Harddisk0\DR0 - ok
15:29:41.0958 5756 Boot (0x1200) (293e1023632a465dd237e47019bdb3dc) \Device\Harddisk0\DR0\Partition0
15:29:41.0985 5756 \Device\Harddisk0\DR0\Partition0 - ok
15:29:41.0993 5756 Boot (0x1200) (36f83092e4e3be7d2f2c7764cab9bc57) \Device\Harddisk0\DR0\Partition1
15:29:41.0998 5756 \Device\Harddisk0\DR0\Partition1 - ok
15:29:42.0002 5756 ============================================================
15:29:42.0002 5756 Scan finished
15:29:42.0002 5756 ============================================================
15:29:42.0048 2436 Detected object count: 1
15:29:42.0048 2436 Actual detected object count: 1
15:33:16.0234 2436 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - skipped by user
15:33:16.0234 2436 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Skip
|
|
| Themen zu Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! |
| achtung, achtung!, aus sicherheitsgründen, bereits, durchgeführt, ergebnisse, gesperrt, hallo zusammen, helft, infiziert, laptop, scan, sicherheitsgründe, sicherheitsgründen, virus/trojaner, windowssystem, wurde ihr, zusammen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
