| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: CMD Fenster öffnet sich nach pc start ganz kurz. Virus?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.02.2012, 16:18
| #1 |
 |  CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Hallo. Seit einiger Zeit, nachdem ich den pc gestartet habe, öffnet sich für ein paar millisekunden das cmd fenster, aber man kann nicht erkennen was da steht, weil es eben zu kurz ist.. habe angst dass ich einen virus hab. Was kann ich tun? |
|
27.02.2012, 22:32
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Du hasttest hier vor ca. zwei Wochen schon ne Anfrage => http://www.trojaner-board.de/110060-...ben-virus.html
__________________Warum hast du da nicht mehr geantwortet?
__________________ |
|
28.02.2012, 06:25
| #3 |
| | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? das hat sich damals erledigt, weil es plötzlich aufgehört hat... sorry dass ich nix gesagt hab.
__________________PS: Es geht auch ab und zu ein fenster auf wo steht anwendungsanforderungen werden überprüft.. |
|
28.02.2012, 11:03
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
01.03.2012, 19:29
| #5 |
| | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Der Malwarebytes log: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.28.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Kevin :: KEVIN-PC [Administrator] 28.02.2012 17:20:17 mbam-log-2012-02-28 (17-20-17).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 384779 Laufzeit: 1 Stunde(n), 16 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCR\CLSID\{D7ED7FBF-C7BD-5F22-BEAB-2C31A9FBAB46} (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{D7ED7FBF-C7BD-5F22-BEAB-2C31A9FBAB46} (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{D7ED7FBF-C7BD-5F22-BEAB-2C31A9FBAB46} (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Windows Defender (Trojan.Agent.Gen) -> Daten: C:\Users\Kevin\AppData\Roaming\winlive.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Live (Backdoor.Agent.Gen) -> Daten: C:\Users\Kevin\AppData\Local\Temp\winini.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Defender (Trojan.Agent.Gen) -> Daten: C:\Users\Kevin\AppData\Roaming\winlive.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Defender (Trojan.Agent.Gen) -> Daten: C:\Users\Kevin\AppData\Roaming\winlive.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Program Files (x86)\Terraria\TDU.exe (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kevin\AppData\Roaming\winlive.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Und der ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f9fea77189c6c945b5b4ba982308ffd4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-28 09:11:39
# local_time=2012-02-28 10:11:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 26646 82083245 0 0
# compatibility_mode=8192 67108863 100 0 10826 10826 0 0
# scanned=212466
# found=1
# cleaned=0
# scan_time=10104
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\46e90d72-19f3bbad a variant of Java/TrojanDownloader.Agent.NDM trojan (unable to clean) 00000000000000000000000000000000 I
 |
|
01.03.2012, 20:40
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ --> CMD Fenster öffnet sich nach pc start ganz kurz. Virus? |
|
02.03.2012, 07:34
| #7 |
| | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Nein leider nicht^^ Hab es mir erst runtergeladen |
|
02.03.2012, 13:42
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.03.2012, 17:52
| #9 |
| | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? OTL LOG: OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.03.2012 16:37:02 - Run 1 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Kevin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,44% Memory free 6,00 Gb Paging File | 4,53 Gb Available in Paging File | 75,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,61 Gb Total Space | 327,02 Gb Free Space | 71,78% Space Free | Partition Type: NTFS Drive D: | 10,15 Gb Total Space | 1,39 Gb Free Space | 13,67% Space Free | Partition Type: NTFS Drive E: | 6,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.02 16:34:18 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe PRC - [2012.02.14 16:33:11 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012.02.14 16:32:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.01.04 22:11:42 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.09.23 19:58:26 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.16 10:30:06 | 000,887,712 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe ========== Modules (No Company Name) ========== MOD - [2012.01.04 22:11:42 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.09.23 19:58:26 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.12.06 04:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.12.05 22:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.02.23 18:32:05 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.02.14 16:33:11 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.02.14 16:32:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.02.07 13:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.01.04 22:11:42 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru) SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.01.24 13:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.12.13 05:43:39 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.12.06 04:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.12.06 03:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.10.17 18:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.09.06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011.09.06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011.09.06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011.09.06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011.09.06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011.09.06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011.05.25 00:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2011.05.12 15:59:46 | 000,154,624 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.10.09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.08.13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 001,192,448 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.puls4.com/home IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 34 B4 A4 1C 7A CC 01 [binary data] IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/|hxxp://9gag.com/|hxxp://memebase.com/|hxxp://www.elitepvpers.com/|hxxp://www.computerbild.de/release-dates/" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.20 22:39:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.22 20:09:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.30 05:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions [2011.12.03 00:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions [2011.12.03 00:21:32 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2012.02.10 06:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\405s9y58.default\extensions [2012.02.11 20:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\405S9Y58.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.02.22 20:09:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google-Suche = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: avast! WebRep = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\ CHR - Extension: Skype Click to Call = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Google Mail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.01.13 17:23:25 | 000,000,859 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 85.17.88.13 www.trollolololol.com O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1759596832-637370572-211249009-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1759596832-637370572-211249009-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-1759596832-637370572-211249009-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-1759596832-637370572-211249009-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E165F74D-57FB-482E-95C5-A6152B80380C}: DhcpNameServer = 10.0.0.138 10.0.0.138 O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.04.02 14:23:39 | 000,000,000 | ---D | M] - E:\Autoplay -- [ CDFS ] O32 - AutoRun File - [2010.04.02 13:37:50 | 003,048,072 | R--- | M] () - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2010.03.29 17:24:43 | 000,000,050 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{5ffe2287-e60e-11e0-a13e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5ffe2287-e60e-11e0-a13e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2010.04.02 13:37:50 | 003,048,072 | R--- | M] () O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LANLauncher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.02 16:34:12 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe [2012.02.28 17:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.02.28 17:18:59 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes [2012.02.28 17:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.28 17:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.28 17:18:50 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.28 17:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.26 15:19:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.02.25 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012.02.21 18:50:20 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\RotMG.Production [2012.02.19 17:13:46 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Activision [2012.02.19 14:55:57 | 000,000,000 | ---D | C] -- C:\Users\Kevin\NearRealityCachev12.2 [2012.02.11 15:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.02.11 15:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012.02.10 07:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.02.10 07:02:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.02.10 07:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.02.10 06:57:41 | 000,000,000 | ---D | C] -- C:\AMD [2012.02.10 06:42:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro [2012.02.10 06:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro [2012.02.10 06:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Cleaner Pro [2012.02.08 20:18:45 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft Corporation [2012.02.08 19:02:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx [2012.02.08 19:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0 [2012.02.08 19:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0 [2012.02.08 19:00:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033 [2012.02.08 19:00:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033 [2012.02.08 19:00:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1031 [2012.02.08 19:00:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1031 [2012.02.08 19:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012.02.08 18:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 [2012.02.08 18:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2012.02.08 18:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2012.02.08 18:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2012.02.08 18:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2012.02.08 18:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2012.02.08 18:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2012.02.08 18:53:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Visual Studio 2010 [2012.02.08 18:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express [2012.02.08 18:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0 [2012.02.08 18:50:54 | 000,000,000 | ---D | C] -- C:\Windows\symbols [2012.02.08 18:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0 [2012.02.08 18:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2012.02.08 18:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer [2012.02.08 18:48:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.02 16:34:18 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe [2012.03.02 07:15:58 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.02 07:15:58 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.02 07:08:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.02 07:08:10 | 2414,755,840 | -HS- | M] () -- C:\hiberfil.sys [2012.02.26 16:57:49 | 000,000,009 | ---- | M] () -- C:\Users\Kevin\Desktop\process.ini [2012.02.26 14:43:19 | 000,092,847 | ---- | M] () -- C:\Users\Kevin\Desktop\erdbebenZZZZZ.png [2012.02.24 17:18:19 | 000,000,024 | ---- | M] () -- C:\Users\Kevin\random.dat [2012.02.24 17:16:03 | 000,000,044 | ---- | M] () -- C:\Users\Kevin\jagex_cl_runescape_LIVE.dat [2012.02.19 14:54:30 | 000,000,004 | ---- | M] () -- C:\Users\Kevin\cache.dat [2012.02.17 01:30:26 | 000,043,710 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Windows Defender [2012.02.16 20:32:54 | 001,776,168 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.16 20:32:54 | 000,762,792 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.16 20:32:54 | 000,718,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.16 20:32:54 | 000,173,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.16 20:32:54 | 000,146,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.16 20:32:39 | 001,776,168 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.16 12:04:00 | 000,271,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.02.14 16:33:11 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.02.14 16:33:03 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.02.14 16:32:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.02.11 15:42:09 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.26 14:43:40 | 000,092,847 | ---- | C] () -- C:\Users\Kevin\Desktop\erdbebenZZZZZ.png [2012.02.22 19:31:19 | 000,000,009 | ---- | C] () -- C:\Users\Kevin\Desktop\process.ini [2012.02.19 14:54:30 | 000,000,004 | ---- | C] () -- C:\Users\Kevin\cache.dat [2012.02.15 22:27:05 | 000,043,710 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Windows Defender [2012.02.06 17:23:44 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012.01.29 19:38:34 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.10.11 22:30:11 | 001,776,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.27 12:21:18 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.09.27 09:29:51 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.09.27 09:29:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.26 19:18:27 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2011.09.23 22:50:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.23 19:13:51 | 000,007,605 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.01.27 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\.minecraft [2012.03.01 20:45:21 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Lite [2011.12.06 22:30:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoft [2011.12.06 22:29:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.26 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\GameMaker [2011.11.16 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Jens Lorek [2011.09.23 20:55:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient [2011.11.15 22:50:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Origin [2011.11.16 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Publish Providers [2011.10.13 23:49:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\pymclevel [2012.01.28 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\redsn0w [2012.02.21 18:50:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\RotMG.Production [2011.11.16 21:55:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Sony [2012.01.15 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TeamViewer [2011.11.04 13:06:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\To the Moon - Freebird Games [2011.11.04 06:23:13 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ts3overlay [2011.11.28 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Ubisoft [2012.01.30 05:51:57 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\uTorrent [2011.12.25 10:23:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.27 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\.minecraft [2011.12.30 16:31:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Adobe [2011.10.09 10:38:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Apple Computer [2012.02.10 06:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ATI [2012.03.01 20:45:21 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Lite [2011.12.06 22:30:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoft [2011.12.06 22:29:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.26 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\GameMaker [2011.09.23 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Identities [2011.11.16 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Jens Lorek [2011.09.23 20:55:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient [2011.09.23 19:16:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Macromedia [2012.02.28 17:18:59 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs [2012.02.08 18:53:36 | 000,000,000 | --SD | M] -- C:\Users\Kevin\AppData\Roaming\Microsoft [2012.02.08 20:18:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Microsoft Corporation [2012.01.30 05:10:40 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla [2011.11.15 22:50:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Origin [2011.11.16 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Publish Providers [2011.10.13 23:49:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\pymclevel [2012.01.28 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\redsn0w [2012.02.21 18:50:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\RotMG.Production [2011.09.27 09:28:51 | 000,000,000 | RH-D | M] -- C:\Users\Kevin\AppData\Roaming\SecuROM [2012.03.02 16:37:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Skype [2011.11.16 21:55:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Sony [2012.01.15 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TeamViewer [2011.11.04 13:06:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\To the Moon - Freebird Games [2011.10.20 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Toribash [2011.11.04 06:23:13 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ts3overlay [2011.11.28 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Ubisoft [2012.01.30 05:51:57 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\uTorrent [2011.09.23 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.01.26 17:57:18 | 000,115,528 | ---- | M] (YoYo Games Ltd.) -- C:\Users\Kevin\AppData\Roaming\GameMaker\GameMaker.exe [2012.01.26 17:57:19 | 005,651,272 | ---- | M] (YoYo Games Ltd) -- C:\Users\Kevin\AppData\Roaming\GameMaker\Game_Maker.exe [2012.01.28 10:57:46 | 000,034,494 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_6FEFF9B68218417F98F549.exe [2012.01.28 10:57:46 | 000,080,992 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_929B66C02C979C60142428.exe [2012.01.28 10:57:46 | 000,010,134 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_95C329678770F2BD82CEC4.exe [2012.01.28 10:57:46 | 000,355,574 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_C6295F8C3D3FBEC1679013.exe [2012.01.28 10:57:46 | 000,355,574 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_D67EC9C9D7DDAFA4BCCBBF.exe [2011.12.11 17:21:46 | 000,010,134 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe [2011.10.07 16:31:55 | 000,136,568 | R--- | M] (Acresso Software Inc.) -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\ARPPRODUCTICON.exe [2011.10.07 16:31:55 | 000,136,568 | R--- | M] (Acresso Software Inc.) -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\BWConfig_14BFF80D8D994A26B6FD51288576B324.exe [2011.10.07 16:31:55 | 000,136,568 | R--- | M] (Acresso Software Inc.) -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\NewShortcut2_E032CCCB26C04AAEA5D133D9643D20E8.exe [2011.10.07 16:31:55 | 000,136,568 | R--- | M] (Acresso Software Inc.) -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\RazerZoneWebsite_51B2803B39F24EC28AFA6EFC67070FD2.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
02.03.2012, 17:58
| #10 |
| | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? OTL LOG: OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.03.2012 16:37:02 - Run 1 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Kevin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,44% Memory free 6,00 Gb Paging File | 4,53 Gb Available in Paging File | 75,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,61 Gb Total Space | 327,02 Gb Free Space | 71,78% Space Free | Partition Type: NTFS Drive D: | 10,15 Gb Total Space | 1,39 Gb Free Space | 13,67% Space Free | Partition Type: NTFS Drive E: | 6,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.02 16:34:18 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe PRC - [2012.02.14 16:33:11 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012.02.14 16:32:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.01.04 22:11:42 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.09.23 19:58:26 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.16 10:30:06 | 000,887,712 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe ========== Modules (No Company Name) ========== MOD - [2012.01.04 22:11:42 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.09.23 19:58:26 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.12.06 04:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.12.05 22:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.02.23 18:32:05 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.02.14 16:33:11 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.02.14 16:32:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.02.07 13:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.01.04 22:11:42 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru) SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.01.24 13:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.12.13 05:43:39 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.12.06 04:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.12.06 03:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.10.17 18:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.09.06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011.09.06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011.09.06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011.09.06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011.09.06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011.09.06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011.05.25 00:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2011.05.12 15:59:46 | 000,154,624 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.10.09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.08.13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 001,192,448 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.puls4.com/home IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 34 B4 A4 1C 7A CC 01 [binary data] IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/|hxxp://9gag.com/|hxxp://memebase.com/|hxxp://www.elitepvpers.com/|hxxp://www.computerbild.de/release-dates/" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.20 22:39:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.22 20:09:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.30 05:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions [2011.12.03 00:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions [2011.12.03 00:21:32 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2012.02.10 06:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\405s9y58.default\extensions [2012.02.11 20:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\405S9Y58.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.02.22 20:09:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google-Suche = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: avast! WebRep = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\ CHR - Extension: Skype Click to Call = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Google Mail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.01.13 17:23:25 | 000,000,859 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 85.17.88.13 www.trollolololol.com O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1759596832-637370572-211249009-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1759596832-637370572-211249009-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-1759596832-637370572-211249009-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-1759596832-637370572-211249009-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E165F74D-57FB-482E-95C5-A6152B80380C}: DhcpNameServer = 10.0.0.138 10.0.0.138 O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.04.02 14:23:39 | 000,000,000 | ---D | M] - E:\Autoplay -- [ CDFS ] O32 - AutoRun File - [2010.04.02 13:37:50 | 003,048,072 | R--- | M] () - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2010.03.29 17:24:43 | 000,000,050 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{5ffe2287-e60e-11e0-a13e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5ffe2287-e60e-11e0-a13e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2010.04.02 13:37:50 | 003,048,072 | R--- | M] () O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LANLauncher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.02 16:34:12 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe [2012.02.28 17:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.02.28 17:18:59 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes [2012.02.28 17:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.28 17:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.28 17:18:50 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.28 17:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.26 15:19:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.02.25 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012.02.21 18:50:20 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\RotMG.Production [2012.02.19 17:13:46 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Activision [2012.02.19 14:55:57 | 000,000,000 | ---D | C] -- C:\Users\Kevin\NearRealityCachev12.2 [2012.02.11 15:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.02.11 15:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012.02.10 07:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.02.10 07:02:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.02.10 07:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.02.10 06:57:41 | 000,000,000 | ---D | C] -- C:\AMD [2012.02.10 06:42:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro [2012.02.10 06:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro [2012.02.10 06:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Cleaner Pro [2012.02.08 20:18:45 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft Corporation [2012.02.08 19:02:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx [2012.02.08 19:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0 [2012.02.08 19:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0 [2012.02.08 19:00:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033 [2012.02.08 19:00:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033 [2012.02.08 19:00:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1031 [2012.02.08 19:00:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1031 [2012.02.08 19:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012.02.08 18:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 [2012.02.08 18:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2012.02.08 18:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2012.02.08 18:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2012.02.08 18:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2012.02.08 18:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2012.02.08 18:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2012.02.08 18:53:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Visual Studio 2010 [2012.02.08 18:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express [2012.02.08 18:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0 [2012.02.08 18:50:54 | 000,000,000 | ---D | C] -- C:\Windows\symbols [2012.02.08 18:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0 [2012.02.08 18:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2012.02.08 18:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer [2012.02.08 18:48:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.02 16:34:18 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe [2012.03.02 07:15:58 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.02 07:15:58 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.02 07:08:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.02 07:08:10 | 2414,755,840 | -HS- | M] () -- C:\hiberfil.sys [2012.02.26 16:57:49 | 000,000,009 | ---- | M] () -- C:\Users\Kevin\Desktop\process.ini [2012.02.26 14:43:19 | 000,092,847 | ---- | M] () -- C:\Users\Kevin\Desktop\erdbebenZZZZZ.png [2012.02.24 17:18:19 | 000,000,024 | ---- | M] () -- C:\Users\Kevin\random.dat [2012.02.24 17:16:03 | 000,000,044 | ---- | M] () -- C:\Users\Kevin\jagex_cl_runescape_LIVE.dat [2012.02.19 14:54:30 | 000,000,004 | ---- | M] () -- C:\Users\Kevin\cache.dat [2012.02.17 01:30:26 | 000,043,710 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Windows Defender [2012.02.16 20:32:54 | 001,776,168 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.16 20:32:54 | 000,762,792 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.16 20:32:54 | 000,718,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.16 20:32:54 | 000,173,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.16 20:32:54 | 000,146,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.16 20:32:39 | 001,776,168 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.16 12:04:00 | 000,271,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.02.14 16:33:11 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.02.14 16:33:03 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.02.14 16:32:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.02.11 15:42:09 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.26 14:43:40 | 000,092,847 | ---- | C] () -- C:\Users\Kevin\Desktop\erdbebenZZZZZ.png [2012.02.22 19:31:19 | 000,000,009 | ---- | C] () -- C:\Users\Kevin\Desktop\process.ini [2012.02.19 14:54:30 | 000,000,004 | ---- | C] () -- C:\Users\Kevin\cache.dat [2012.02.15 22:27:05 | 000,043,710 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Windows Defender [2012.02.06 17:23:44 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012.01.29 19:38:34 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.10.11 22:30:11 | 001,776,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.27 12:21:18 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.09.27 09:29:51 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.09.27 09:29:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.26 19:18:27 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2011.09.23 22:50:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.23 19:13:51 | 000,007,605 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.01.27 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\.minecraft [2012.03.01 20:45:21 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Lite [2011.12.06 22:30:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoft [2011.12.06 22:29:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.26 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\GameMaker [2011.11.16 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Jens Lorek [2011.09.23 20:55:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient [2011.11.15 22:50:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Origin [2011.11.16 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Publish Providers [2011.10.13 23:49:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\pymclevel [2012.01.28 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\redsn0w [2012.02.21 18:50:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\RotMG.Production [2011.11.16 21:55:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Sony [2012.01.15 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TeamViewer [2011.11.04 13:06:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\To the Moon - Freebird Games [2011.11.04 06:23:13 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ts3overlay [2011.11.28 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Ubisoft [2012.01.30 05:51:57 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\uTorrent [2011.12.25 10:23:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.27 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\.minecraft [2011.12.30 16:31:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Adobe [2011.10.09 10:38:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Apple Computer [2012.02.10 06:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ATI [2012.03.01 20:45:21 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Lite [2011.12.06 22:30:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoft [2011.12.06 22:29:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.26 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\GameMaker [2011.09.23 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Identities [2011.11.16 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Jens Lorek [2011.09.23 20:55:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient [2011.09.23 19:16:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Macromedia [2012.02.28 17:18:59 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs [2012.02.08 18:53:36 | 000,000,000 | --SD | M] -- C:\Users\Kevin\AppData\Roaming\Microsoft [2012.02.08 20:18:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Microsoft Corporation [2012.01.30 05:10:40 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla [2011.11.15 22:50:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Origin [2011.11.16 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Publish Providers [2011.10.13 23:49:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\pymclevel [2012.01.28 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\redsn0w [2012.02.21 18:50:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\RotMG.Production [2011.09.27 09:28:51 | 000,000,000 | RH-D | M] -- C:\Users\Kevin\AppData\Roaming\SecuROM [2012.03.02 16:37:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Skype [2011.11.16 21:55:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Sony [2012.01.15 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TeamViewer [2011.11.04 13:06:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\To the Moon - Freebird Games [2011.10.20 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Toribash [2011.11.04 06:23:13 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ts3overlay [2011.11.28 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Ubisoft [2012.01.30 05:51:57 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\uTorrent [2011.09.23 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.01.26 17:57:18 | 000,115,528 | ---- | M] (YoYo Games Ltd.) -- C:\Users\Kevin\AppData\Roaming\GameMaker\GameMaker.exe [2012.01.26 17:57:19 | 005,651,272 | ---- | M] (YoYo Games Ltd) -- C:\Users\Kevin\AppData\Roaming\GameMaker\Game_Maker.exe [2012.01.28 10:57:46 | 000,034,494 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_6FEFF9B68218417F98F549.exe [2012.01.28 10:57:46 | 000,080,992 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_929B66C02C979C60142428.exe [2012.01.28 10:57:46 | 000,010,134 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_95C329678770F2BD82CEC4.exe [2012.01.28 10:57:46 | 000,355,574 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_C6295F8C3D3FBEC1679013.exe [2012.01.28 10:57:46 | 000,355,574 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_D67EC9C9D7DDAFA4BCCBBF.exe [2011.12.11 17:21:46 | 000,010,134 | R--- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe [2011.10.07 16:31:55 | 000,136,568 | R--- | M] (Acresso Software Inc.) -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\ARPPRODUCTICON.exe [2011.10.07 16:31:55 | 000,136,568 | R--- | M] (Acresso Software Inc.) -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\BWConfig_14BFF80D8D994A26B6FD51288576B324.exe [2011.10.07 16:31:55 | 000,136,568 | R--- | M] (Acresso Software Inc.) -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\NewShortcut2_E032CCCB26C04AAEA5D133D9643D20E8.exe [2011.10.07 16:31:55 | 000,136,568 | R--- | M] (Acresso Software Inc.) -- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\RazerZoneWebsite_51B2803B39F24EC28AFA6EFC67070FD2.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > SORRY DOPPELPOST.. internet hat gelaggt -.- |
|
02.03.2012, 18:37
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.puls4.com/home
IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 34 B4 A4 1C 7A CC 01 [binary data]
IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
[2011.12.03 00:21:32 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1759596832-637370572-211249009-1000\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-1759596832-637370572-211249009-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.02 14:23:39 | 000,000,000 | ---D | M] - E:\Autoplay -- [ CDFS ]
O32 - AutoRun File - [2010.04.02 13:37:50 | 003,048,072 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.29 17:24:43 | 000,000,050 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5ffe2287-e60e-11e0-a13e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5ffe2287-e60e-11e0-a13e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2010.04.02 13:37:50 | 003,048,072 | R--- | M] ()
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LANLauncher.exe
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.03.2012, 12:21
| #12 |
| | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Erledigt, hier der Log Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1759596832-637370572-211249009-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1759596832-637370572-211249009-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1759596832-637370572-211249009-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Unable to set value : HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\searchplugin folder moved successfully.
C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\modules folder moved successfully.
C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\META-INF folder moved successfully.
C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\defaults folder moved successfully.
C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\components folder moved successfully.
C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome folder moved successfully.
C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-1759596832-637370572-211249009-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-1759596832-637370572-211249009-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1759596832-637370572-211249009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ffe2287-e60e-11e0-a13e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ffe2287-e60e-11e0-a13e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ffe2287-e60e-11e0-a13e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ffe2287-e60e-11e0-a13e-806e6f6e6963}\ not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\LANLauncher.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Kevin
->Temp folder emptied: 9760016 bytes
->Temporary Internet Files folder emptied: 4268411 bytes
->Java cache emptied: 171570300 bytes
->FireFox cache emptied: 424297942 bytes
->Google Chrome cache emptied: 451817764 bytes
->Flash cache emptied: 2789 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51169 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 5866589683 bytes
Total Files Cleaned = 6.608,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.34.0 log created on 03032012_121547
Files\Folders moved on Reboot...
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
C:\Users\Kevin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
05.03.2012, 12:08
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.03.2012, 18:15
| #14 |
| | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Kann tdss killer nicht starten.. Da steht das ist keine zulässige Win32 Anwendung...habe Windows 7 64-Bit btw. EDIT: Habs geschafft, mit ner neueren version von TDSSKiller. hier das log: Code:
ATTFilter :16:34.0279 4840 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
18:16:34.0420 4840 ============================================================
18:16:34.0421 4840 Current date / time: 2012/03/05 18:16:34.0420
18:16:34.0421 4840 SystemInfo:
18:16:34.0421 4840
18:16:34.0421 4840 OS Version: 6.1.7601 ServicePack: 1.0
18:16:34.0421 4840 Product type: Workstation
18:16:34.0421 4840 ComputerName: KEVIN-PC
18:16:34.0422 4840 UserName: Kevin
18:16:34.0422 4840 Windows directory: C:\Windows
18:16:34.0422 4840 System windows directory: C:\Windows
18:16:34.0422 4840 Running under WOW64
18:16:34.0422 4840 Processor architecture: Intel x64
18:16:34.0422 4840 Number of processors: 4
18:16:34.0422 4840 Page size: 0x1000
18:16:34.0422 4840 Boot type: Normal boot
18:16:34.0422 4840 ============================================================
18:16:35.0379 4840 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:16:35.0405 4840 \Device\Harddisk0\DR0:
18:16:35.0405 4840 MBR used
18:16:35.0405 4840 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38F37051
18:16:35.0405 4840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x38F37090, BlocksNum 0x144D800
18:16:35.0469 4840 Initialize success
18:16:35.0469 4840 ============================================================
18:17:09.0009 0892 ============================================================
18:17:09.0010 0892 Scan started
18:17:09.0010 0892 Mode: Manual; SigCheck; TDLFS;
18:17:09.0010 0892 ============================================================
18:17:09.0386 0892 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:17:09.0517 0892 1394ohci - ok
18:17:09.0559 0892 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:17:09.0580 0892 ACPI - ok
18:17:09.0613 0892 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:17:09.0673 0892 AcpiPmi - ok
18:17:09.0752 0892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:17:09.0793 0892 adp94xx - ok
18:17:09.0822 0892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:17:09.0856 0892 adpahci - ok
18:17:09.0884 0892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:17:09.0912 0892 adpu320 - ok
18:17:09.0993 0892 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:17:10.0055 0892 AFD - ok
18:17:10.0076 0892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:17:10.0090 0892 agp440 - ok
18:17:10.0114 0892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:17:10.0127 0892 aliide - ok
18:17:10.0168 0892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:17:10.0181 0892 amdide - ok
18:17:10.0232 0892 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:17:10.0277 0892 amdiox64 - ok
18:17:10.0304 0892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:17:10.0361 0892 AmdK8 - ok
18:17:10.0618 0892 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
18:17:10.0960 0892 amdkmdag - ok
18:17:11.0066 0892 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
18:17:11.0118 0892 amdkmdap - ok
18:17:11.0157 0892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:17:11.0191 0892 AmdPPM - ok
18:17:11.0227 0892 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:17:11.0242 0892 amdsata - ok
18:17:11.0269 0892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:17:11.0287 0892 amdsbs - ok
18:17:11.0320 0892 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:17:11.0337 0892 amdxata - ok
18:17:11.0404 0892 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:17:11.0418 0892 AODDriver4.01 - ok
18:17:11.0453 0892 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:17:11.0574 0892 AppID - ok
18:17:11.0643 0892 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:17:11.0658 0892 arc - ok
18:17:11.0668 0892 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:17:11.0685 0892 arcsas - ok
18:17:11.0743 0892 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
18:17:11.0762 0892 aswFsBlk - ok
18:17:11.0817 0892 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
18:17:11.0832 0892 aswMonFlt - ok
18:17:11.0865 0892 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
18:17:11.0881 0892 aswRdr - ok
18:17:11.0916 0892 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
18:17:11.0944 0892 aswSnx - ok
18:17:11.0976 0892 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
18:17:11.0995 0892 aswSP - ok
18:17:12.0015 0892 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
18:17:12.0029 0892 aswTdi - ok
18:17:12.0045 0892 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:17:12.0184 0892 AsyncMac - ok
18:17:12.0228 0892 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:17:12.0242 0892 atapi - ok
18:17:12.0325 0892 athr (8c56e93749ba53a4b645963d3439e01e) C:\Windows\system32\DRIVERS\athrx.sys
18:17:12.0390 0892 athr - ok
18:17:12.0451 0892 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
18:17:12.0466 0892 AtiHDAudioService - ok
18:17:12.0563 0892 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:17:12.0630 0892 b06bdrv - ok
18:17:12.0679 0892 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:17:12.0746 0892 b57nd60a - ok
18:17:12.0785 0892 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:17:12.0853 0892 Beep - ok
18:17:12.0894 0892 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:17:12.0922 0892 blbdrive - ok
18:17:12.0979 0892 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:17:13.0037 0892 bowser - ok
18:17:13.0070 0892 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:17:13.0138 0892 BrFiltLo - ok
18:17:13.0162 0892 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:17:13.0190 0892 BrFiltUp - ok
18:17:13.0229 0892 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:17:13.0289 0892 Brserid - ok
18:17:13.0310 0892 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:17:13.0339 0892 BrSerWdm - ok
18:17:13.0355 0892 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:17:13.0386 0892 BrUsbMdm - ok
18:17:13.0403 0892 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:17:13.0429 0892 BrUsbSer - ok
18:17:13.0456 0892 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:17:13.0491 0892 BTHMODEM - ok
18:17:13.0539 0892 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:17:13.0595 0892 cdfs - ok
18:17:13.0640 0892 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:17:13.0670 0892 cdrom - ok
18:17:13.0708 0892 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:17:13.0755 0892 circlass - ok
18:17:13.0799 0892 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:17:13.0822 0892 CLFS - ok
18:17:13.0887 0892 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:17:13.0916 0892 CmBatt - ok
18:17:13.0962 0892 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:17:13.0975 0892 cmdide - ok
18:17:14.0023 0892 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:17:14.0084 0892 CNG - ok
18:17:14.0105 0892 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:17:14.0118 0892 Compbatt - ok
18:17:14.0143 0892 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:17:14.0175 0892 CompositeBus - ok
18:17:14.0202 0892 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:17:14.0215 0892 crcdisk - ok
18:17:14.0281 0892 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:17:14.0355 0892 DfsC - ok
18:17:14.0375 0892 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:17:14.0461 0892 discache - ok
18:17:14.0494 0892 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:17:14.0517 0892 Disk - ok
18:17:14.0564 0892 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:17:14.0598 0892 drmkaud - ok
18:17:14.0648 0892 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:17:14.0677 0892 dtsoftbus01 - ok
18:17:14.0726 0892 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:17:14.0775 0892 DXGKrnl - ok
18:17:14.0884 0892 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:17:14.0973 0892 ebdrv - ok
18:17:15.0027 0892 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:17:15.0063 0892 elxstor - ok
18:17:15.0092 0892 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:17:15.0124 0892 ErrDev - ok
18:17:15.0164 0892 ESLvnic1 (c33acb897af927d1c1bd84f211fae75b) C:\Windows\system32\DRIVERS\ESLvnic.sys
18:17:15.0178 0892 ESLvnic1 - ok
18:17:15.0211 0892 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:17:15.0283 0892 exfat - ok
18:17:15.0300 0892 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:17:15.0370 0892 fastfat - ok
18:17:15.0406 0892 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:17:15.0431 0892 fdc - ok
18:17:15.0465 0892 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:17:15.0480 0892 FileInfo - ok
18:17:15.0496 0892 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:17:15.0558 0892 Filetrace - ok
18:17:15.0575 0892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:17:15.0595 0892 flpydisk - ok
18:17:15.0631 0892 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:17:15.0651 0892 FltMgr - ok
18:17:15.0697 0892 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:17:15.0711 0892 FsDepends - ok
18:17:15.0726 0892 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:17:15.0739 0892 Fs_Rec - ok
18:17:15.0771 0892 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:17:15.0792 0892 fvevol - ok
18:17:15.0813 0892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:17:15.0827 0892 gagp30kx - ok
18:17:15.0874 0892 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:17:15.0892 0892 GEARAspiWDM - ok
18:17:15.0950 0892 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
18:17:15.0962 0892 hamachi - ok
18:17:16.0053 0892 HCW85BDA (9e308d0bc9a9cf6e50aa25639c9cccb3) C:\Windows\system32\drivers\HCW85BDA.sys
18:17:16.0119 0892 HCW85BDA - ok
18:17:16.0149 0892 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:17:16.0175 0892 hcw85cir - ok
18:17:16.0215 0892 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:17:16.0263 0892 HdAudAddService - ok
18:17:16.0287 0892 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:17:16.0330 0892 HDAudBus - ok
18:17:16.0347 0892 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:17:16.0392 0892 HidBatt - ok
18:17:16.0415 0892 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:17:16.0445 0892 HidBth - ok
18:17:16.0466 0892 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:17:16.0500 0892 HidIr - ok
18:17:16.0551 0892 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:17:16.0578 0892 HidUsb - ok
18:17:16.0615 0892 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:17:16.0630 0892 HpSAMD - ok
18:17:16.0685 0892 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:17:16.0758 0892 HTTP - ok
18:17:16.0785 0892 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:17:16.0798 0892 hwpolicy - ok
18:17:16.0817 0892 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:17:16.0838 0892 i8042prt - ok
18:17:16.0875 0892 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:17:16.0898 0892 iaStorV - ok
18:17:16.0930 0892 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:17:16.0944 0892 iirsp - ok
18:17:17.0058 0892 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
18:17:17.0134 0892 IntcAzAudAddService - ok
18:17:17.0159 0892 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:17:17.0172 0892 intelide - ok
18:17:17.0199 0892 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:17:17.0229 0892 intelppm - ok
18:17:17.0265 0892 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:17:17.0324 0892 IpFilterDriver - ok
18:17:17.0357 0892 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:17:17.0383 0892 IPMIDRV - ok
18:17:17.0408 0892 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:17:17.0463 0892 IPNAT - ok
18:17:17.0512 0892 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:17:17.0552 0892 IRENUM - ok
18:17:17.0567 0892 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:17:17.0580 0892 isapnp - ok
18:17:17.0602 0892 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:17:17.0623 0892 iScsiPrt - ok
18:17:17.0656 0892 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:17:17.0670 0892 kbdclass - ok
18:17:17.0692 0892 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:17:17.0718 0892 kbdhid - ok
18:17:17.0757 0892 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:17:17.0772 0892 KSecDD - ok
18:17:17.0792 0892 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:17:17.0809 0892 KSecPkg - ok
18:17:17.0825 0892 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:17:17.0895 0892 ksthunk - ok
18:17:17.0962 0892 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:17:18.0018 0892 lltdio - ok
18:17:18.0069 0892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:17:18.0085 0892 LSI_FC - ok
18:17:18.0102 0892 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:17:18.0118 0892 LSI_SAS - ok
18:17:18.0150 0892 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:17:18.0173 0892 LSI_SAS2 - ok
18:17:18.0185 0892 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:17:18.0201 0892 LSI_SCSI - ok
18:17:18.0213 0892 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:17:18.0280 0892 luafv - ok
18:17:18.0313 0892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:17:18.0327 0892 megasas - ok
18:17:18.0350 0892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:17:18.0370 0892 MegaSR - ok
18:17:18.0395 0892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:17:18.0463 0892 Modem - ok
18:17:18.0486 0892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:17:18.0527 0892 monitor - ok
18:17:18.0563 0892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:17:18.0576 0892 mouclass - ok
18:17:18.0594 0892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:17:18.0613 0892 mouhid - ok
18:17:18.0651 0892 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:17:18.0666 0892 mountmgr - ok
18:17:18.0703 0892 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:17:18.0720 0892 mpio - ok
18:17:18.0732 0892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:17:18.0796 0892 mpsdrv - ok
18:17:18.0831 0892 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:17:18.0886 0892 MRxDAV - ok
18:17:18.0915 0892 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:17:18.0963 0892 mrxsmb - ok
18:17:18.0978 0892 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:17:19.0001 0892 mrxsmb10 - ok
18:17:19.0022 0892 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:17:19.0043 0892 mrxsmb20 - ok
18:17:19.0066 0892 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:17:19.0080 0892 msahci - ok
18:17:19.0100 0892 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:17:19.0116 0892 msdsm - ok
18:17:19.0149 0892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:17:19.0196 0892 Msfs - ok
18:17:19.0215 0892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:17:19.0284 0892 mshidkmdf - ok
18:17:19.0304 0892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:17:19.0316 0892 msisadrv - ok
18:17:19.0356 0892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:17:19.0423 0892 MSKSSRV - ok
18:17:19.0437 0892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:17:19.0489 0892 MSPCLOCK - ok
18:17:19.0510 0892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:17:19.0580 0892 MSPQM - ok
18:17:19.0615 0892 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:17:19.0637 0892 MsRPC - ok
18:17:19.0662 0892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:17:19.0677 0892 mssmbios - ok
18:17:19.0715 0892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:17:19.0772 0892 MSTEE - ok
18:17:19.0792 0892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:17:19.0821 0892 MTConfig - ok
18:17:19.0856 0892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:17:19.0869 0892 Mup - ok
18:17:19.0904 0892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:17:19.0948 0892 NativeWifiP - ok
18:17:19.0996 0892 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:17:20.0039 0892 NDIS - ok
18:17:20.0071 0892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:17:20.0125 0892 NdisCap - ok
18:17:20.0158 0892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:17:20.0221 0892 NdisTapi - ok
18:17:20.0254 0892 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:17:20.0301 0892 Ndisuio - ok
18:17:20.0330 0892 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:17:20.0391 0892 NdisWan - ok
18:17:20.0417 0892 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:17:20.0476 0892 NDProxy - ok
18:17:20.0502 0892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:17:20.0581 0892 NetBIOS - ok
18:17:20.0609 0892 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:17:20.0666 0892 NetBT - ok
18:17:20.0752 0892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:17:20.0766 0892 nfrd960 - ok
18:17:20.0793 0892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:17:20.0850 0892 Npfs - ok
18:17:20.0886 0892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:17:20.0945 0892 nsiproxy - ok
18:17:21.0027 0892 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:17:21.0092 0892 Ntfs - ok
18:17:21.0127 0892 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:17:21.0201 0892 Null - ok
18:17:21.0251 0892 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
18:17:21.0296 0892 NVENETFD - ok
18:17:21.0333 0892 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:17:21.0361 0892 nvraid - ok
18:17:21.0383 0892 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:17:21.0399 0892 nvstor - ok
18:17:21.0427 0892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:17:21.0442 0892 nv_agp - ok
18:17:21.0463 0892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:17:21.0493 0892 ohci1394 - ok
18:17:21.0526 0892 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:17:21.0545 0892 Parport - ok
18:17:21.0579 0892 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:17:21.0593 0892 partmgr - ok
18:17:21.0617 0892 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:17:21.0634 0892 pci - ok
18:17:21.0655 0892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:17:21.0668 0892 pciide - ok
18:17:21.0690 0892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:17:21.0708 0892 pcmcia - ok
18:17:21.0726 0892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:17:21.0745 0892 pcw - ok
18:17:21.0777 0892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:17:21.0861 0892 PEAUTH - ok
18:17:22.0013 0892 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:17:22.0097 0892 PptpMiniport - ok
18:17:22.0122 0892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:17:22.0165 0892 Processor - ok
18:17:22.0215 0892 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:17:22.0294 0892 Psched - ok
18:17:22.0342 0892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:17:22.0397 0892 ql2300 - ok
18:17:22.0415 0892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:17:22.0431 0892 ql40xx - ok
18:17:22.0460 0892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:17:22.0492 0892 QWAVEdrv - ok
18:17:22.0513 0892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:17:22.0580 0892 RasAcd - ok
18:17:22.0610 0892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:17:22.0658 0892 RasAgileVpn - ok
18:17:22.0699 0892 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:17:22.0780 0892 Rasl2tp - ok
18:17:22.0812 0892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:17:22.0876 0892 RasPppoe - ok
18:17:22.0899 0892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:17:22.0946 0892 RasSstp - ok
18:17:22.0984 0892 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:17:23.0042 0892 rdbss - ok
18:17:23.0059 0892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:17:23.0092 0892 rdpbus - ok
18:17:23.0110 0892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:17:23.0166 0892 RDPCDD - ok
18:17:23.0201 0892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:17:23.0261 0892 RDPENCDD - ok
18:17:23.0284 0892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:17:23.0332 0892 RDPREFMP - ok
18:17:23.0353 0892 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:17:23.0406 0892 RDPWD - ok
18:17:23.0439 0892 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:17:23.0460 0892 rdyboost - ok
18:17:23.0547 0892 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
18:17:23.0568 0892 RsFx0103 - ok
18:17:23.0594 0892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:17:23.0654 0892 rspndr - ok
18:17:23.0689 0892 RzSynapse (f71eea505290b0aad48850f0d750702d) C:\Windows\system32\DRIVERS\RzSynapse.sys
18:17:23.0732 0892 RzSynapse - ok
18:17:23.0768 0892 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:17:23.0785 0892 sbp2port - ok
18:17:23.0818 0892 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:17:23.0862 0892 scfilter - ok
18:17:23.0894 0892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:17:23.0950 0892 secdrv - ok
18:17:23.0991 0892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:17:24.0025 0892 Serenum - ok
18:17:24.0055 0892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:17:24.0081 0892 Serial - ok
18:17:24.0105 0892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:17:24.0133 0892 sermouse - ok
18:17:24.0165 0892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:17:24.0200 0892 sffdisk - ok
18:17:24.0221 0892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:17:24.0256 0892 sffp_mmc - ok
18:17:24.0278 0892 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:17:24.0316 0892 sffp_sd - ok
18:17:24.0335 0892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:17:24.0361 0892 sfloppy - ok
18:17:24.0389 0892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:17:24.0404 0892 SiSRaid2 - ok
18:17:24.0422 0892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:17:24.0437 0892 SiSRaid4 - ok
18:17:24.0465 0892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:17:24.0524 0892 Smb - ok
18:17:24.0566 0892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:17:24.0580 0892 spldr - ok
18:17:24.0660 0892 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:17:24.0696 0892 srv - ok
18:17:24.0719 0892 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:17:24.0750 0892 srv2 - ok
18:17:24.0772 0892 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:17:24.0810 0892 srvnet - ok
18:17:24.0856 0892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:17:24.0869 0892 stexstor - ok
18:17:24.0905 0892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:17:24.0919 0892 swenum - ok
18:17:24.0976 0892 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
18:17:24.0989 0892 taphss - ok
18:17:25.0058 0892 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:17:25.0118 0892 Tcpip - ok
18:17:25.0162 0892 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:17:25.0211 0892 TCPIP6 - ok
18:17:25.0246 0892 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:17:25.0301 0892 tcpipreg - ok
18:17:25.0326 0892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:17:25.0387 0892 TDPIPE - ok
18:17:25.0402 0892 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:17:25.0460 0892 TDTCP - ok
18:17:25.0495 0892 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:17:25.0544 0892 tdx - ok
18:17:25.0611 0892 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:17:25.0625 0892 TermDD - ok
18:17:25.0697 0892 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:17:25.0754 0892 tssecsrv - ok
18:17:25.0797 0892 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:17:25.0834 0892 TsUsbFlt - ok
18:17:25.0890 0892 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:17:25.0950 0892 tunnel - ok
18:17:25.0979 0892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:17:25.0994 0892 uagp35 - ok
18:17:26.0029 0892 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:17:26.0097 0892 udfs - ok
18:17:26.0145 0892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:17:26.0159 0892 uliagpkx - ok
18:17:26.0189 0892 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:17:26.0220 0892 umbus - ok
18:17:26.0237 0892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:17:26.0265 0892 UmPass - ok
18:17:26.0309 0892 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:17:26.0343 0892 USBAAPL64 - ok
18:17:26.0360 0892 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:17:26.0393 0892 usbccgp - ok
18:17:26.0424 0892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:17:26.0458 0892 usbcir - ok
18:17:26.0478 0892 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:17:26.0509 0892 usbehci - ok
18:17:26.0538 0892 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:17:26.0568 0892 usbhub - ok
18:17:26.0593 0892 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:17:26.0627 0892 usbohci - ok
18:17:26.0647 0892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:17:26.0681 0892 usbprint - ok
18:17:26.0706 0892 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:17:26.0745 0892 USBSTOR - ok
18:17:26.0766 0892 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:17:26.0794 0892 usbuhci - ok
18:17:26.0834 0892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:17:26.0847 0892 vdrvroot - ok
18:17:26.0870 0892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:17:26.0898 0892 vga - ok
18:17:26.0916 0892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:17:26.0964 0892 VgaSave - ok
18:17:26.0998 0892 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:17:27.0016 0892 vhdmp - ok
18:17:27.0035 0892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:17:27.0048 0892 viaide - ok
18:17:27.0064 0892 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:17:27.0078 0892 volmgr - ok
18:17:27.0119 0892 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:17:27.0140 0892 volmgrx - ok
18:17:27.0162 0892 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:17:27.0182 0892 volsnap - ok
18:17:27.0204 0892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:17:27.0222 0892 vsmraid - ok
18:17:27.0245 0892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:17:27.0280 0892 vwifibus - ok
18:17:27.0309 0892 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:17:27.0333 0892 vwififlt - ok
18:17:27.0477 0892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:17:27.0512 0892 WacomPen - ok
18:17:27.0545 0892 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:17:27.0602 0892 WANARP - ok
18:17:27.0609 0892 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:17:27.0658 0892 Wanarpv6 - ok
18:17:27.0709 0892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:17:27.0725 0892 Wd - ok
18:17:27.0758 0892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:17:27.0786 0892 Wdf01000 - ok
18:17:27.0829 0892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:17:27.0876 0892 WfpLwf - ok
18:17:27.0910 0892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:17:27.0923 0892 WIMMount - ok
18:17:28.0001 0892 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:17:28.0023 0892 WinUsb - ok
18:17:28.0055 0892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:17:28.0086 0892 WmiAcpi - ok
18:17:28.0136 0892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:17:28.0218 0892 ws2ifsl - ok
18:17:28.0275 0892 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:17:28.0342 0892 WudfPf - ok
18:17:28.0368 0892 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:17:28.0442 0892 WUDFRd - ok
18:17:28.0499 0892 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
18:17:28.0546 0892 xusb21 - ok
18:17:28.0592 0892 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:17:28.0673 0892 \Device\Harddisk0\DR0 - ok
18:17:28.0685 0892 Boot (0x1200) (5c93931ee5629338ffb3831668243f0e) \Device\Harddisk0\DR0\Partition0
18:17:28.0686 0892 \Device\Harddisk0\DR0\Partition0 - ok
18:17:28.0712 0892 Boot (0x1200) (b2da6828f115c30801fff64de1626bab) \Device\Harddisk0\DR0\Partition1
18:17:28.0714 0892 \Device\Harddisk0\DR0\Partition1 - ok
18:17:28.0715 0892 ============================================================
18:17:28.0715 0892 Scan finished
18:17:28.0715 0892 ============================================================
18:17:28.0747 1044 Detected object count: 0
18:17:28.0747 1044 Actual detected object count: 0
|
|
05.03.2012, 19:08
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CMD Fenster öffnet sich nach pc start ganz kurz. Virus? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu CMD Fenster öffnet sich nach pc start ganz kurz. Virus? |
| angst, cmd, cmd-fenster, einiger, erkenne, erkennen, fenster, gestartet, nicht erkennen, start, systemstart, trojaner, virus, virus?, öffnet |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
