| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.02.2012, 13:12
| #1 |
 |  Windows gesperrt Hallo, ich habe dummerweise auch diesen "Windows wurde zu ihrer Sicherheit gesperrt"-Trojaner. Der Rechner lässt sich nur noch im abgesicherten Modus benutzen, allerdings funktionerit da das Internet nicht. Gerade lasse ich mal Anti_vir drüberlaufen, aber mehr aus Verzweiflung weil ich kein anderes Programm runterladen kann. Was kann ich machen? Gruß, Tanea |
|
12.02.2012, 14:52
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows gesperrt Funktioniert noch der abgesicherte Modus mit Netzwerktreibern?
__________________Abgesicherter Modus zur Bereinigung
__________________ |
|
12.02.2012, 15:06
| #3 |
| | Windows gesperrt ja, das funktioniert noch, schreibe auch gerade von dem PC
__________________ |
|
12.02.2012, 15:12
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows gesperrt na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können: Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
12.02.2012, 18:24
| #5 |
| | Windows gesperrt Hallo, okay, danke dir. hier die logs: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.12.02 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.6001.19170 LFZL :: LFZL-LAPTOP [Administrator] Schutz: Deaktiviert 12.02.2012 16:12:14 mbam-log-2012-02-12 (16-12-14).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 311251 Laufzeit: 45 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Malware.Trace) -> Daten: explorer.exe,C:\Users\LFZL\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\LFZL\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=547cea251869394d841a40d510a00154
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 05:25:32
# local_time=2012-02-12 06:25:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 117755 103959575 193155 0
# compatibility_mode=5892 16776573 100 100 13051 166595783 0 0
# compatibility_mode=8192 67108863 100 0 3785 3785 0 0
# scanned=145447
# found=2
# cleaned=0
# scan_time=4520
C:\Users\LFZL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5T9L6BUI\channel-reward-central_com[1].htm HTML/Fraud.BG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\LFZL\Downloads\SoftonicDownloader_fuer_cdrtfe.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
|
|
12.02.2012, 19:03
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows gesperrtZitat:
Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen Funktioniert der normale Modus ohne Blockierung wieder?
__________________ --> Windows gesperrt |
|
12.02.2012, 19:19
| #7 |
| | Windows gesperrt okay, soll ich das gleich deinstallieren oder später? normaler Modus funktioniert leider noch nicht wieder ;-( |
|
12.02.2012, 19:50
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows gesperrt Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
12.02.2012, 20:09
| #9 |
| | Windows gesperrt hier das Log: Code:
ATTFilter OTL logfile created on: 12.02.2012 20:55:19 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\LFZL\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,96 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 77,57% Memory free 4,14 Gb Paging File | 3,86 Gb Available in Paging File | 93,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,79 Gb Total Space | 58,56 Gb Free Space | 52,38% Space Free | Partition Type: NTFS Computer Name: LFZL-LAPTOP | User Name: LFZL | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.12 20:53:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\LFZL\Downloads\OTL.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 03:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2011.03.29 04:00:34 | 000,047,032 | ---- | M] () -- C:\Programme\OpenAFS\Client\Program\afs_shl_ext_1032.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2011.07.01 09:04:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.02 09:10:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.29 03:55:18 | 000,672,184 | ---- | M] (OpenAFS Project) [Auto | Stopped] -- C:\Programme\OpenAFS\Client\Program\afsd_service.exe -- (TransarcAFSDaemon) SRV - [2009.11.09 12:46:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.09.22 16:27:54 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_60b78c9b\stacsv.exe -- (STacSV) SRV - [2008.09.17 11:03:16 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_60b78c9b\AEstSrv.exe -- (AESTFilters) SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2008.07.10 19:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.07.10 19:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.06.11 10:39:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Programme\Fingerprint Sensor\AtService.exe -- (ATService) SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.01 09:04:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 09:04:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.06.10 21:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.09.22 16:28:54 | 000,389,632 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.06.30 11:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2008.06.26 05:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.06.04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV) DRV - [2008.01.21 03:32:46 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop) DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-506798161-1589815655-2423967585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-506798161-1589815655-2423967585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-506798161-1589815655-2423967585-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://klips.uni-koeln.de/" FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.2.20111006100951 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.12 00:18:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.05 09:19:19 | 000,000,000 | ---D | M] [2009.08.27 21:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LFZL\AppData\Roaming\mozilla\Extensions [2012.01.25 16:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions [2011.09.06 21:39:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.25 16:54:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.12.05 09:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.06.30 09:06:23 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2010.05.19 16:53:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.02.12 00:18:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.12 00:18:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.12 00:18:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.12 00:18:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.12 00:18:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.12 00:18:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.12 00:18:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\pdf.dll CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\LFZL\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Linkury Smartbar = C:\Users\LFZL\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\ CHR - Extension: Linkury Smartbar = C:\Users\LFZL\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\Redirect O1 HOSTS File: ([2011.04.14 16:40:16 | 000,000,781 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 10.254.254.253 AFS O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000..\Run: [ffdwnd] C:\Users\LFZL\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak) O4 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe (Linkury) O4 - Startup: C:\Users\LFZL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\LFZL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\LFZL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129162E6-D6A7-4066-B90D-D688848B5347}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51095014-818F-42D7-9BA0-BC49B3EBFF75}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AfsLogon: DllName - (C:\Program Files\OpenAFS\Client\Program\afslogon.dll) - C:\Programme\OpenAFS\Client\Program\afslogon.dll (OpenAFS Project) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\Shell\AutoRun\command - "" = E:\GORILA///mankisha.exe O33 - MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\Shell\open\command - "" = E:\GORILA///mankisha.exe O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\AutoRun\command - "" = E:\svira/svira32.exe O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\explore\command - "" = E:\svira/svira32.exe O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\open\command - "" = E:\.\svira/svira32.exe O33 - MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\Shell - "" = AutoRun O33 - MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\Shell - "" = AutoRun O33 - MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {07DC65EA-BD67-2129-FABC-5752F1D61F88} - ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.02.12 17:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.02.12 16:10:53 | 000,000,000 | ---D | C] -- C:\Users\LFZL\AppData\Roaming\Malwarebytes [2012.02.12 16:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.12 16:10:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.12 16:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.12 16:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.10 18:55:19 | 000,000,000 | ---D | C] -- C:\Users\LFZL\Desktop\Publikation [2012.02.10 11:01:20 | 000,000,000 | ---D | C] -- C:\Users\LFZL\AppData\Local\Microsoft Games [2012.02.10 10:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2012.02.02 17:21:38 | 000,000,000 | ---D | C] -- C:\Users\LFZL\Desktop\0_VortragKöln [2012.02.01 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\LFZL\Desktop\Lea ========== Files - Modified Within 30 Days ========== [2012.02.12 20:07:11 | 000,622,294 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.12 20:07:11 | 000,590,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.12 20:07:11 | 000,124,794 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.12 20:07:11 | 000,102,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.12 20:02:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.12 20:00:24 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 20:00:23 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 19:55:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.12 19:55:51 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job [2012.02.12 17:25:42 | 000,000,680 | ---- | M] () -- C:\Users\LFZL\AppData\Local\d3d9caps.dat [2012.02.12 16:10:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.12 13:41:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ========== Files Created - No Company Name ========== [2012.02.12 16:10:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.31 15:57:11 | 000,193,864 | ---- | C] () -- C:\Users\LFZL\Desktop\brief_aspla_wentzlaff.ott [2010.05.19 16:54:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.23 09:15:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.23 09:15:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.03 09:42:20 | 000,039,424 | ---- | C] () -- C:\Users\LFZL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.28 02:25:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.08.27 22:25:49 | 000,622,294 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.08.27 22:25:49 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.08.27 22:25:49 | 000,124,794 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.08.27 22:25:49 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.08.27 17:40:22 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2009.08.27 17:40:21 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2009.08.27 17:40:21 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2009.08.27 17:40:20 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2009.08.27 17:40:20 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2009.08.27 15:32:49 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll [2009.08.27 15:02:25 | 000,000,680 | ---- | C] () -- C:\Users\LFZL\AppData\Local\d3d9caps.dat [2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:44:53 | 002,427,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,590,710 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,102,584 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.06.30 11:58:44 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll [2006.06.30 11:58:44 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll ========== LOP Check ========== [2010.06.30 11:32:54 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Academic Software Zurich [2011.08.10 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Canneverbe Limited [2012.02.12 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Dropbox [2011.11.23 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\FinalTorrent [2011.08.10 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\OpenCandy [2009.08.27 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\OpenOffice.org [2012.02.12 19:55:51 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\FinalTorrent Update Checker.job [2012.02.12 20:00:15 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.06.30 11:32:54 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Academic Software Zurich [2011.11.23 20:32:18 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Adobe [2010.03.29 14:06:50 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Avira [2011.08.10 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Canneverbe Limited [2012.02.12 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Dropbox [2012.02.02 17:47:40 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\dvdcss [2011.11.23 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\FinalTorrent [2009.08.27 15:02:29 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Identities [2009.08.27 15:29:54 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\InstallShield [2009.11.09 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Macromedia [2012.02.12 16:10:53 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Malwarebytes [2012.01.24 14:38:14 | 000,000,000 | --SD | M] -- C:\Users\LFZL\AppData\Roaming\Microsoft [2009.08.27 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Mozilla [2011.08.10 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\OpenCandy [2009.08.27 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\OpenOffice.org [2012.02.12 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\Skype [2012.02.12 09:09:53 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\skypePM [2012.02.07 12:34:10 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\vlc [2010.08.04 14:17:50 | 000,000,000 | ---D | M] -- C:\Users\LFZL\AppData\Roaming\VMware < %APPDATA%\*.exe /s > [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\LFZL\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\LFZL\AppData\Roaming\Dropbox\bin\Uninstall.exe [2009.08.27 15:26:20 | 000,010,134 | R--- | M] () -- C:\Users\LFZL\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe [2009.08.27 15:26:20 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\LFZL\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe [2009.08.27 15:32:09 | 000,365,322 | R--- | M] () -- C:\Users\LFZL\AppData\Roaming\Microsoft\Installer\{8B1F8092-9D84-459B-88EA-0BE882AC915E}\ARPPRODUCTICON.exe [2009.08.27 15:31:44 | 000,365,322 | R--- | M] () -- C:\Users\LFZL\AppData\Roaming\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe [2009.08.27 15:32:36 | 000,011,758 | R--- | M] () -- C:\Users\LFZL\AppData\Roaming\Microsoft\Installer\{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}\ARPPRODUCTICON.exe [2011.08.10 14:54:56 | 000,416,160 | ---- | M] () -- C:\Users\LFZL\AppData\Roaming\OpenCandy\OpenCandy_E52FE0337CBE47C3B9FF25781E8C2B49\LatestDLMgr.exe [2011.08.10 14:55:02 | 004,226,064 | ---- | M] () -- C:\Users\LFZL\AppData\Roaming\OpenCandy\OpenCandy_E52FE0337CBE47C3B9FF25781E8C2B49\LinkuryInstaller_p1v4.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.03.06 05:21:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2209DBCD72FD45199BAE483DDBCA5D75 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_bdffb04d\atapi.sys [2008.03.06 05:21:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2209DBCD72FD45199BAE483DDBCA5D75 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22130_none_dda155213abfc239\atapi.sys [2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2008.03.06 05:24:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=49996882C3272D944D027E03FCD89F6B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_fbc3e716\atapi.sys [2008.03.06 05:24:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=49996882C3272D944D027E03FCD89F6B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20786_none_db8b089b3dbc5507\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.02.2012 20:55:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\LFZL\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,96 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 77,57% Memory free
4,14 Gb Paging File | 3,86 Gb Available in Paging File | 93,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 58,56 Gb Free Space | 52,38% Space Free | Partition Type: NTFS
Computer Name: LFZL-LAPTOP | User Name: LFZL | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-506798161-1589815655-2423967585-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45785C2A-2769-4512-BE4E-DFFD3520C6DB}" = lport=445 | protocol=6 | dir=in | app=system |
"{63D02505-2DA9-4BDD-80BA-F161986EDE1D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6AC3C9FC-FEDD-47BA-A274-56F4950F12F0}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{70E7A0EB-EC53-4445-B5FA-A6B38483B6A8}" = lport=7001 | protocol=17 | dir=in | name=afs cachemanager callback (udp) |
"{97079D10-AEEC-4AFA-B0F0-55C11B47033A}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{AE9DB63E-BA22-4D95-B1DE-8956A2A37C12}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{CFDF89E7-9830-4255-8491-8B14041C6493}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F7224F87-14DE-4C22-9262-DC08F901045D}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1671DC77-6B81-44A3-ABA3-6CFDAB9B09F7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1CE4AD11-590F-4841-8025-F64968DCC94A}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{31B22A7F-56BB-4C21-9DA6-FC6AEC9CDCD5}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4AC55D5F-2704-417B-B772-0E8E88FDC29C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{50981C21-54B8-457B-9957-80425D9F1A06}" = protocol=6 | dir=in | app=c:\users\lfzl\appdata\roaming\dropbox\bin\dropbox.exe |
"{60992E2C-E621-452C-8628-DCDAF596979C}" = dir=in | app=c:\program files\finaltorrent\ftcheckforupdates.exe |
"{7CE74BD0-C758-47C2-B3B7-10D1A02F1C13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A543FA9B-D796-4F58-A841-4DDCE24555EF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AB719860-3250-4677-A60D-1778306CC9B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BABE4012-1301-4E7B-A730-52F39828884A}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E14C4BD6-9E04-4D1B-9031-06A2340E164A}" = protocol=17 | dir=in | app=c:\users\lfzl\appdata\roaming\dropbox\bin\dropbox.exe |
"{E9D6EF8F-BD4D-4453-8F57-1E5721693662}" = dir=in | app=c:\program files\finaltorrent\finaltorrent.exe |
"{FDFE7547-AA58-473C-AE36-DDDACBBF7B7C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"TCP Query User{1DB9EFC5-C315-48A9-8957-5CF0F107E826}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe |
"TCP Query User{26F49EB9-8715-450C-B3A9-46047BAEB1BA}C:\program files\finaltorrent\finaltorrent.exe" = protocol=6 | dir=in | app=c:\program files\finaltorrent\finaltorrent.exe |
"TCP Query User{CA51EB76-61E7-4C59-A3CF-A1314D000E35}C:\program files\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"TCP Query User{E80F59B2-63B5-4EE0-87DA-ECC62EBCAB60}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0EF94CFF-FDA3-4342-843C-69CBB4B0CE96}C:\program files\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"UDP Query User{1FC2F86C-B784-4C4F-A5B2-AC217B84D4CC}C:\program files\finaltorrent\finaltorrent.exe" = protocol=17 | dir=in | app=c:\program files\finaltorrent\finaltorrent.exe |
"UDP Query User{B6B9FA1E-3777-4431-B52F-B2DBCDC2A64C}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe |
"UDP Query User{EAE22C10-759C-406A-91C0-AC369736D843}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{57F1AB5A-0B9A-4229-B231-B1516A33DCD4}" = VMware Infrastructure Client 2.5
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6865E7FA-9D39-460E-960D-14BACEDAE209}" = Visual Studio 8.0 Retail (Intel) Runtime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B1F8092-9D84-459B-88EA-0BE882AC915E}" = UPEK TouchChip Fingerprint Reader
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96B9274D-2D07-4C5B-A29C-55F3C0D6B342}" = Linkury Smartbar
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC51C0F-DA8E-4370-9997-899B3435A647}" = VMware vSphere Host Update Utility 4.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C40698F9-A861-4531-9F8C-FA7F8961375B}" = VMware vSphere Client 4.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FinalTorrent_is1" = FinalTorrent 2011
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"nxclient_is1" = NX Client for Windows 3.4.0-5
"OpenAFS" = OpenAFS for Windows
"ProInst" = Intel PROSet Wireless
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VLC media player 1.0.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-506798161-1589815655-2423967585-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UklanAdmin V1.6" = UklanAdmin V1.6
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.02.2012 10:55:25 | Computer Name = LFZL-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
Error - 12.02.2012 10:57:35 | Computer Name = LFZL-Laptop | Source = EventSystem | ID = 4609
Description =
Error - 12.02.2012 10:58:15 | Computer Name = LFZL-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 12.02.2012 12:00:39 | Computer Name = LFZL-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 12.02.2012 12:04:50 | Computer Name = LFZL-Laptop | Source = EventSystem | ID = 4609
Description =
Error - 12.02.2012 12:05:02 | Computer Name = LFZL-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 12.02.2012 14:52:10 | Computer Name = LFZL-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 12.02.2012 15:04:07 | Computer Name = LFZL-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 12.02.2012 15:07:26 | Computer Name = LFZL-Laptop | Source = EventSystem | ID = 4609
Description =
Error - 12.02.2012 15:56:54 | Computer Name = LFZL-Laptop | Source = System Restore | ID = 8193
Description =
[ Cisco AnyConnect VPN Client Events ]
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 12.02.2012 12:02:31 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 12.02.2012 14:52:16 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
601 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 12.02.2012 14:52:16 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
601 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 12.02.2012 14:52:16 | Computer Name = LFZL-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
[ OSession Events ]
Error - 16.03.2010 19:34:19 | Computer Name = LFZL-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14116
seconds with 1980 seconds of active time. This session ended with a crash.
Error - 26.11.2010 07:59:04 | Computer Name = LFZL-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 98
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 12.02.2012 12:05:03 | Computer Name = LFZL-Laptop | Source = Service Control Manager | ID = 7001
Description =
Error - 12.02.2012 12:05:03 | Computer Name = LFZL-Laptop | Source = Service Control Manager | ID = 7026
Description =
Error - 12.02.2012 14:52:10 | Computer Name = LFZL-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 12.02.2012 14:53:15 | Computer Name = LFZL-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 12.02.2012 15:03:09 | Computer Name = LFZL-Laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 12.02.2012 15:04:08 | Computer Name = LFZL-Laptop | Source = Service Control Manager | ID = 7001
Description =
Error - 12.02.2012 15:04:08 | Computer Name = LFZL-Laptop | Source = Service Control Manager | ID = 7026
Description =
Error - 12.02.2012 15:07:16 | Computer Name = LFZL-Laptop | Source = DCOM | ID = 10005
Description =
Error - 12.02.2012 15:07:26 | Computer Name = LFZL-Laptop | Source = DCOM | ID = 10005
Description =
Error - 12.02.2012 15:07:31 | Computer Name = LFZL-Laptop | Source = DCOM | ID = 10005
Description =
< End of report >
|
|
13.02.2012, 09:58
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows gesperrt Funktioniert der normale Modus noch nicht?
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
13.02.2012, 10:09
| #11 |
| | Windows gesperrt nein, habs heute morgen nochmal probiert. sofort gesperrt.. |
|
13.02.2012, 11:43
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows gesperrt Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2011.09.06 21:39:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.25 16:54:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000..\Run: [ffdwnd] C:\Users\LFZL\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKU\S-1-5-21-506798161-1589815655-2423967585-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe (Linkury)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\Shell\AutoRun\command - "" = E:\GORILA///mankisha.exe
O33 - MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\Shell\open\command - "" = E:\GORILA///mankisha.exe
O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\AutoRun\command - "" = E:\svira/svira32.exe
O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\explore\command - "" = E:\svira/svira32.exe
O33 - MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\Shell\open\command - "" = E:\.\svira/svira32.exe
O33 - MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\Shell - "" = AutoRun
O33 - MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\Shell - "" = AutoRun
O33 - MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Commands
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
13.02.2012, 12:42
| #13 |
| | Windows gesperrtCode:
ATTFilter All processes killed
========== OTL ==========
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\LFZL\AppData\Roaming\mozilla\Firefox\Profiles\ndz5z1ho.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-506798161-1589815655-2423967585-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ffdwnd deleted successfully.
C:\Users\LFZL\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-506798161-1589815655-2423967585-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Linkury Chrome Smartbar deleted successfully.
C:\Programme\Linkury\Linkury.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b072f80-300a-11df-8869-0023ae1c1d50}\ not found.
File E:\GORILA///mankisha.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b072f80-300a-11df-8869-0023ae1c1d50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b072f80-300a-11df-8869-0023ae1c1d50}\ not found.
File E:\GORILA///mankisha.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61325291-30d9-11df-99cb-0023ae1c1d50}\ not found.
File E:\svira/svira32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61325291-30d9-11df-99cb-0023ae1c1d50}\ not found.
File E:\svira/svira32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61325291-30d9-11df-99cb-0023ae1c1d50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61325291-30d9-11df-99cb-0023ae1c1d50}\ not found.
File E:\.\svira/svira32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c33c4987-cd21-11de-aa56-0023ae1c1d50}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efd9fcc4-6a9e-11e0-8245-0023ae1c1d50}\ not found.
File F:\LaunchU3.exe -a not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LFZL
->Temp folder emptied: 245787609 bytes
->Temporary Internet Files folder emptied: 310444008 bytes
->Java cache emptied: 66210954 bytes
->FireFox cache emptied: 51318746 bytes
->Google Chrome cache emptied: 6445507 bytes
->Flash cache emptied: 11825 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 161204409 bytes
RecycleBin emptied: 31376086 bytes
Total Files Cleaned = 832,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 02132012_133631
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
13.02.2012, 12:53
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows gesperrt Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
13.02.2012, 13:08
| #15 |
| | Windows gesperrtCode:
ATTFilter 14:02:46.0772 4148 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
14:02:47.0037 4148 ============================================================
14:02:47.0037 4148 Current date / time: 2012/02/13 14:02:47.0037
14:02:47.0037 4148 SystemInfo:
14:02:47.0037 4148
14:02:47.0037 4148 OS Version: 6.0.6002 ServicePack: 2.0
14:02:47.0038 4148 Product type: Workstation
14:02:47.0038 4148 ComputerName: LFZL-LAPTOP
14:02:47.0038 4148 UserName: LFZL
14:02:47.0038 4148 Windows directory: C:\Windows
14:02:47.0038 4148 System windows directory: C:\Windows
14:02:47.0038 4148 Processor architecture: Intel x86
14:02:47.0038 4148 Number of processors: 2
14:02:47.0038 4148 Page size: 0x1000
14:02:47.0038 4148 Boot type: Normal boot
14:02:47.0038 4148 ============================================================
14:02:48.0418 4148 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:02:48.0420 4148 \Device\Harddisk0\DR0:
14:02:48.0420 4148 MBR used
14:02:48.0420 4148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
14:02:48.0444 4148 Initialize success
14:02:48.0444 4148 ============================================================
14:04:21.0941 5160 ============================================================
14:04:21.0941 5160 Scan started
14:04:21.0941 5160 Mode: Manual; SigCheck; TDLFS;
14:04:21.0941 5160 ============================================================
14:04:22.0549 5160 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:04:22.0721 5160 ACPI - ok
14:04:22.0814 5160 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
14:04:22.0845 5160 adfs - ok
14:04:22.0923 5160 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:04:22.0939 5160 adp94xx - ok
14:04:23.0251 5160 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:04:23.0282 5160 adpahci - ok
14:04:23.0376 5160 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:04:23.0423 5160 adpu160m - ok
14:04:23.0516 5160 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:04:23.0532 5160 adpu320 - ok
14:04:23.0657 5160 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:04:23.0844 5160 AFD - ok
14:04:24.0203 5160 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:04:24.0218 5160 agp440 - ok
14:04:24.0265 5160 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:04:24.0296 5160 aic78xx - ok
14:04:24.0390 5160 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:04:24.0390 5160 aliide - ok
14:04:24.0452 5160 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:04:24.0452 5160 amdagp - ok
14:04:24.0483 5160 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:04:24.0499 5160 amdide - ok
14:04:24.0515 5160 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:04:24.0671 5160 AmdK7 - ok
14:04:24.0858 5160 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:04:24.0905 5160 AmdK8 - ok
14:04:24.0967 5160 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:04:24.0983 5160 arc - ok
14:04:25.0014 5160 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:04:25.0029 5160 arcsas - ok
14:04:25.0123 5160 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:04:25.0185 5160 AsyncMac - ok
14:04:25.0263 5160 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:04:25.0279 5160 atapi - ok
14:04:25.0373 5160 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:04:25.0388 5160 avgio - ok
14:04:25.0451 5160 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
14:04:25.0482 5160 avgntflt - ok
14:04:25.0513 5160 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
14:04:25.0529 5160 avipbb - ok
14:04:25.0591 5160 b57nd60x (6fb43f0dadb3fdc287d080c19666af8d) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:04:25.0716 5160 b57nd60x - ok
14:04:25.0809 5160 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:04:25.0872 5160 Beep - ok
14:04:25.0919 5160 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:04:25.0965 5160 blbdrive - ok
14:04:26.0028 5160 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:04:26.0106 5160 bowser - ok
14:04:26.0199 5160 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:04:26.0387 5160 BrFiltLo - ok
14:04:26.0480 5160 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:04:26.0543 5160 BrFiltUp - ok
14:04:26.0636 5160 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:04:26.0855 5160 Brserid - ok
14:04:27.0026 5160 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:04:27.0151 5160 BrSerWdm - ok
14:04:27.0198 5160 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:04:27.0260 5160 BrUsbMdm - ok
14:04:27.0323 5160 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:04:27.0401 5160 BrUsbSer - ok
14:04:27.0557 5160 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:04:27.0619 5160 BTHMODEM - ok
14:04:27.0650 5160 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:04:27.0697 5160 cdfs - ok
14:04:27.0759 5160 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:04:27.0791 5160 cdrom - ok
14:04:27.0822 5160 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:04:27.0884 5160 circlass - ok
14:04:28.0009 5160 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:04:28.0040 5160 CLFS - ok
14:04:28.0134 5160 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:04:28.0165 5160 CmBatt - ok
14:04:28.0212 5160 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:04:28.0243 5160 cmdide - ok
14:04:28.0337 5160 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:04:28.0337 5160 Compbatt - ok
14:04:28.0352 5160 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:04:28.0368 5160 crcdisk - ok
14:04:28.0399 5160 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:04:28.0446 5160 Crusoe - ok
14:04:28.0524 5160 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:04:28.0586 5160 DfsC - ok
14:04:28.0680 5160 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:04:28.0695 5160 disk - ok
14:04:28.0805 5160 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:04:28.0883 5160 drmkaud - ok
14:04:28.0929 5160 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:04:28.0961 5160 DXGKrnl - ok
14:04:29.0085 5160 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:04:29.0163 5160 E1G60 - ok
14:04:29.0304 5160 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:04:29.0319 5160 Ecache - ok
14:04:29.0382 5160 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:04:29.0413 5160 elxstor - ok
14:04:29.0553 5160 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:04:29.0600 5160 ErrDev - ok
14:04:29.0678 5160 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:04:29.0741 5160 exfat - ok
14:04:29.0787 5160 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:04:29.0819 5160 fastfat - ok
14:04:29.0865 5160 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:04:29.0912 5160 fdc - ok
14:04:30.0006 5160 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:04:30.0021 5160 FileInfo - ok
14:04:30.0053 5160 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:04:30.0115 5160 Filetrace - ok
14:04:30.0162 5160 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:04:30.0224 5160 flpydisk - ok
14:04:30.0287 5160 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:04:30.0302 5160 FltMgr - ok
14:04:30.0318 5160 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:04:30.0349 5160 Fs_Rec - ok
14:04:30.0380 5160 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:04:30.0380 5160 gagp30kx - ok
14:04:30.0536 5160 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:04:30.0599 5160 HdAudAddService - ok
14:04:30.0661 5160 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:04:30.0786 5160 HDAudBus - ok
14:04:31.0051 5160 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:04:31.0145 5160 HidBth - ok
14:04:31.0207 5160 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:04:31.0269 5160 HidIr - ok
14:04:31.0332 5160 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:04:31.0379 5160 HidUsb - ok
14:04:31.0441 5160 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:04:31.0441 5160 HpCISSs - ok
14:04:31.0613 5160 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
14:04:31.0706 5160 HTTP - ok
14:04:31.0769 5160 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:04:31.0800 5160 i2omp - ok
14:04:31.0956 5160 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:04:32.0003 5160 i8042prt - ok
14:04:32.0112 5160 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:04:32.0143 5160 iaStorV - ok
14:04:32.0377 5160 igfx (0627fc0c422cd6e0f23e1b0d1d9f0899) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:04:32.0533 5160 igfx - ok
14:04:32.0658 5160 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:04:32.0689 5160 iirsp - ok
14:04:32.0736 5160 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
14:04:32.0767 5160 IntcHdmiAddService - ok
14:04:32.0829 5160 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:04:32.0845 5160 intelide - ok
14:04:32.0876 5160 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:04:32.0923 5160 intelppm - ok
14:04:32.0939 5160 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:04:32.0985 5160 IpFilterDriver - ok
14:04:32.0985 5160 IpInIp - ok
14:04:33.0032 5160 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:04:33.0079 5160 IPMIDRV - ok
14:04:33.0219 5160 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:04:33.0282 5160 IPNAT - ok
14:04:33.0313 5160 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:04:33.0375 5160 IRENUM - ok
14:04:33.0407 5160 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:04:33.0438 5160 isapnp - ok
14:04:33.0500 5160 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:04:33.0531 5160 iScsiPrt - ok
14:04:33.0563 5160 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:04:33.0563 5160 iteatapi - ok
14:04:33.0594 5160 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:04:33.0594 5160 iteraid - ok
14:04:33.0703 5160 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:04:33.0719 5160 kbdclass - ok
14:04:33.0781 5160 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:04:33.0828 5160 kbdhid - ok
14:04:33.0890 5160 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:04:33.0921 5160 KSecDD - ok
14:04:33.0953 5160 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:04:33.0999 5160 lltdio - ok
14:04:34.0202 5160 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:04:34.0202 5160 LSI_FC - ok
14:04:34.0249 5160 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:04:34.0265 5160 LSI_SAS - ok
14:04:34.0327 5160 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:04:34.0358 5160 LSI_SCSI - ok
14:04:34.0374 5160 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:04:34.0405 5160 luafv - ok
14:04:34.0436 5160 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
14:04:34.0452 5160 MBAMProtector - ok
14:04:34.0545 5160 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:04:34.0545 5160 megasas - ok
14:04:34.0577 5160 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:04:34.0608 5160 MegaSR - ok
14:04:34.0639 5160 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:04:34.0686 5160 Modem - ok
14:04:34.0717 5160 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:04:34.0748 5160 monitor - ok
14:04:34.0795 5160 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:04:34.0811 5160 mouclass - ok
14:04:34.0889 5160 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:04:34.0935 5160 mouhid - ok
14:04:34.0967 5160 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:04:34.0998 5160 MountMgr - ok
14:04:35.0029 5160 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:04:35.0045 5160 mpio - ok
14:04:35.0076 5160 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:04:35.0107 5160 mpsdrv - ok
14:04:35.0154 5160 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:04:35.0169 5160 Mraid35x - ok
14:04:35.0216 5160 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:04:35.0279 5160 MRxDAV - ok
14:04:35.0403 5160 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:04:35.0466 5160 mrxsmb - ok
14:04:35.0528 5160 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:04:35.0559 5160 mrxsmb10 - ok
14:04:35.0669 5160 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:04:35.0669 5160 mrxsmb20 - ok
14:04:35.0747 5160 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
14:04:35.0747 5160 msahci - ok
14:04:35.0793 5160 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:04:35.0793 5160 msdsm - ok
14:04:35.0809 5160 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:04:35.0840 5160 Msfs - ok
14:04:35.0887 5160 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:04:35.0887 5160 msisadrv - ok
14:04:35.0934 5160 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:04:35.0981 5160 MSKSSRV - ok
14:04:36.0168 5160 msloop (0a562f61d84bf1988e4dd6413b76c1d4) C:\Windows\system32\DRIVERS\loop.sys
14:04:36.0215 5160 msloop - ok
14:04:36.0261 5160 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:04:36.0308 5160 MSPCLOCK - ok
14:04:36.0355 5160 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:04:36.0402 5160 MSPQM - ok
14:04:36.0464 5160 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:04:36.0480 5160 MsRPC - ok
14:04:36.0527 5160 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:04:36.0542 5160 mssmbios - ok
14:04:36.0589 5160 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:04:36.0636 5160 MSTEE - ok
14:04:36.0714 5160 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:04:36.0729 5160 Mup - ok
14:04:36.0807 5160 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:04:36.0823 5160 NativeWifiP - ok
14:04:36.0917 5160 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:04:36.0963 5160 NDIS - ok
14:04:37.0057 5160 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:04:37.0088 5160 NdisTapi - ok
14:04:37.0416 5160 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:04:37.0494 5160 Ndisuio - ok
14:04:37.0556 5160 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:04:37.0587 5160 NdisWan - ok
14:04:37.0634 5160 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:04:37.0665 5160 NDProxy - ok
14:04:37.0697 5160 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:04:37.0759 5160 NetBIOS - ok
14:04:38.0118 5160 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:04:38.0149 5160 netbt - ok
14:04:38.0289 5160 NETw5v32 (9ca26dccf0b84a6ff2b54fbb2a94520b) C:\Windows\system32\DRIVERS\NETw5v32.sys
14:04:38.0539 5160 NETw5v32 - ok
14:04:38.0679 5160 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:04:38.0679 5160 nfrd960 - ok
14:04:38.0726 5160 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:04:38.0804 5160 Npfs - ok
14:04:38.0835 5160 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:04:38.0851 5160 nsiproxy - ok
14:04:38.0929 5160 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:04:38.0976 5160 Ntfs - ok
14:04:39.0085 5160 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:04:39.0147 5160 ntrigdigi - ok
14:04:39.0179 5160 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:04:39.0225 5160 Null - ok
14:04:39.0272 5160 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:04:39.0272 5160 nvraid - ok
14:04:39.0413 5160 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:04:39.0444 5160 nvstor - ok
14:04:39.0569 5160 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:04:39.0600 5160 nv_agp - ok
14:04:39.0740 5160 NwlnkFlt - ok
14:04:39.0756 5160 NwlnkFwd - ok
14:04:39.0818 5160 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:04:39.0865 5160 ohci1394 - ok
14:04:39.0990 5160 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:04:40.0068 5160 Parport - ok
14:04:40.0177 5160 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:04:40.0193 5160 partmgr - ok
14:04:40.0286 5160 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:04:40.0364 5160 Parvdm - ok
14:04:40.0411 5160 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
14:04:40.0411 5160 PBADRV - ok
14:04:40.0505 5160 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:04:40.0520 5160 pci - ok
14:04:40.0551 5160 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:04:40.0567 5160 pciide - ok
14:04:40.0676 5160 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
14:04:40.0692 5160 pcmcia - ok
14:04:40.0739 5160 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:04:41.0004 5160 PEAUTH - ok
14:04:41.0347 5160 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:04:41.0425 5160 PptpMiniport - ok
14:04:41.0472 5160 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:04:41.0503 5160 Processor - ok
14:04:41.0597 5160 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:04:41.0628 5160 PSched - ok
14:04:41.0971 5160 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:04:42.0049 5160 ql2300 - ok
14:04:42.0236 5160 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:04:42.0252 5160 ql40xx - ok
14:04:42.0314 5160 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:04:42.0361 5160 QWAVEdrv - ok
14:04:42.0408 5160 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:04:42.0455 5160 RasAcd - ok
14:04:42.0517 5160 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:04:42.0564 5160 Rasl2tp - ok
14:04:42.0657 5160 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:04:42.0704 5160 RasPppoe - ok
14:04:42.0751 5160 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:04:42.0767 5160 RasSstp - ok
14:04:42.0829 5160 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:04:42.0876 5160 rdbss - ok
14:04:42.0907 5160 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:04:42.0938 5160 RDPCDD - ok
14:04:43.0001 5160 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:04:43.0032 5160 rdpdr - ok
14:04:43.0063 5160 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:04:43.0110 5160 RDPENCDD - ok
14:04:43.0157 5160 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:04:43.0203 5160 RDPWD - ok
14:04:43.0281 5160 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
14:04:43.0344 5160 rimmptsk - ok
14:04:43.0406 5160 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:04:43.0469 5160 rspndr - ok
14:04:43.0531 5160 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:04:43.0547 5160 sbp2port - ok
14:04:43.0625 5160 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
14:04:43.0656 5160 sdbus - ok
14:04:43.0671 5160 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:04:43.0749 5160 secdrv - ok
14:04:43.0781 5160 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
14:04:43.0827 5160 Serenum - ok
14:04:43.0890 5160 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
14:04:43.0937 5160 Serial - ok
14:04:43.0983 5160 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:04:44.0030 5160 sermouse - ok
14:04:44.0093 5160 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:04:44.0139 5160 sffdisk - ok
14:04:44.0171 5160 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:04:44.0233 5160 sffp_mmc - ok
14:04:44.0249 5160 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:04:44.0295 5160 sffp_sd - ok
14:04:44.0342 5160 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:04:44.0373 5160 sfloppy - ok
14:04:44.0389 5160 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:04:44.0405 5160 sisagp - ok
14:04:44.0436 5160 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:04:44.0436 5160 SiSRaid2 - ok
14:04:44.0529 5160 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:04:44.0529 5160 SiSRaid4 - ok
14:04:44.0592 5160 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:04:44.0607 5160 Smb - ok
14:04:44.0654 5160 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:04:44.0654 5160 spldr - ok
14:04:44.0717 5160 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:04:44.0810 5160 srv - ok
14:04:44.0841 5160 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:04:44.0904 5160 srv2 - ok
14:04:44.0951 5160 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:04:44.0966 5160 srvnet - ok
14:04:45.0044 5160 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:04:45.0044 5160 ssmdrv - ok
14:04:45.0153 5160 STHDA (304f7634121eae608cc413158ef3b1f9) C:\Windows\system32\DRIVERS\stwrt.sys
14:04:45.0200 5160 STHDA - ok
14:04:45.0247 5160 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:04:45.0263 5160 swenum - ok
14:04:45.0294 5160 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:04:45.0309 5160 Symc8xx - ok
14:04:45.0356 5160 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:04:45.0356 5160 Sym_hi - ok
14:04:45.0403 5160 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:04:45.0419 5160 Sym_u3 - ok
14:04:45.0481 5160 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:04:45.0528 5160 Tcpip - ok
14:04:45.0590 5160 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:04:45.0621 5160 Tcpip6 - ok
14:04:45.0699 5160 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:04:45.0762 5160 tcpipreg - ok
14:04:45.0840 5160 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:04:45.0887 5160 TDPIPE - ok
14:04:45.0980 5160 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:04:46.0027 5160 TDTCP - ok
14:04:46.0089 5160 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:04:46.0136 5160 tdx - ok
14:04:46.0214 5160 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:04:46.0230 5160 TermDD - ok
14:04:46.0292 5160 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:04:46.0339 5160 tssecsrv - ok
14:04:46.0386 5160 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:04:46.0479 5160 tunmp - ok
14:04:46.0589 5160 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:04:46.0620 5160 tunnel - ok
14:04:46.0667 5160 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:04:46.0698 5160 uagp35 - ok
14:04:46.0729 5160 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:04:46.0760 5160 udfs - ok
14:04:46.0791 5160 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:04:46.0807 5160 uliagpkx - ok
14:04:46.0838 5160 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:04:46.0885 5160 uliahci - ok
14:04:46.0932 5160 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:04:46.0947 5160 UlSata - ok
14:04:46.0979 5160 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:04:46.0994 5160 ulsata2 - ok
14:04:47.0072 5160 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:04:47.0103 5160 umbus - ok
14:04:47.0150 5160 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:04:47.0213 5160 usbccgp - ok
14:04:47.0244 5160 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:04:47.0322 5160 usbcir - ok
14:04:47.0384 5160 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:04:47.0415 5160 usbehci - ok
14:04:47.0478 5160 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:04:47.0509 5160 usbhub - ok
14:04:47.0556 5160 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:04:47.0618 5160 usbohci - ok
14:04:47.0712 5160 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:04:47.0743 5160 usbprint - ok
14:04:47.0774 5160 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:04:47.0805 5160 USBSTOR - ok
14:04:47.0821 5160 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:04:47.0852 5160 usbuhci - ok
14:04:47.0883 5160 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:04:47.0915 5160 vga - ok
14:04:47.0930 5160 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:04:47.0993 5160 VgaSave - ok
14:04:48.0024 5160 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:04:48.0039 5160 viaagp - ok
14:04:48.0071 5160 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:04:48.0102 5160 ViaC7 - ok
14:04:48.0133 5160 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:04:48.0133 5160 viaide - ok
14:04:48.0180 5160 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:04:48.0195 5160 volmgr - ok
14:04:48.0258 5160 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:04:48.0273 5160 volmgrx - ok
14:04:48.0336 5160 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:04:48.0351 5160 volsnap - ok
14:04:48.0461 5160 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\Windows\system32\DRIVERS\vpnva.sys
14:04:48.0461 5160 vpnva - ok
14:04:48.0523 5160 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:04:48.0539 5160 vsmraid - ok
14:04:48.0570 5160 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:04:48.0648 5160 WacomPen - ok
14:04:48.0663 5160 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:04:48.0710 5160 Wanarp - ok
14:04:48.0710 5160 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:04:48.0741 5160 Wanarpv6 - ok
14:04:48.0788 5160 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:04:48.0804 5160 Wd - ok
14:04:48.0851 5160 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:04:48.0929 5160 Wdf01000 - ok
14:04:49.0022 5160 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:04:49.0053 5160 WmiAcpi - ok
14:04:49.0116 5160 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:04:49.0163 5160 WpdUsb - ok
14:04:49.0194 5160 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:04:49.0225 5160 ws2ifsl - ok
14:04:49.0272 5160 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:04:49.0303 5160 WUDFRd - ok
14:04:49.0334 5160 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:04:49.0475 5160 \Device\Harddisk0\DR0 - ok
14:04:49.0475 5160 Boot (0x1200) (1f1e5f5689d4a83e2ae1b28ab9052f27) \Device\Harddisk0\DR0\Partition0
14:04:49.0475 5160 \Device\Harddisk0\DR0\Partition0 - ok
14:04:49.0475 5160 ============================================================
14:04:49.0475 5160 Scan finished
14:04:49.0475 5160 ============================================================
14:04:49.0490 5456 Detected object count: 0
14:04:49.0490 5456 Actual detected object count: 0
noch eine Beobachtung: als ich vorhin nach dem OTL-Fix den virenscanner wieder anschalten wollte, gab es eine Fehlermeldung das der Windows Hostprozess (Rundll32) nicht mehr funktioniert, als ich dazu auf den Icon des Windows-Sicherheitscenter in der Taskbar geklickt habe. Das ist aber nicht rekonstruierbar. |
|
| Themen zu Windows gesperrt |
| abgesicherte, abgesicherten, abgesicherten modus, anderes, anti, gesperrt, inter, interne, internet, modus, programm, rechner, runterladen, sicherheit, verzweiflung, windows, windows gesperrt |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
