| |
| |||||||
Log-Analyse und Auswertung: Trojaner generic.26? Viele Meldungen, ahnungslose Laptop BesitzerinWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
25.03.2012, 14:29
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojaner generic.26? Viele Meldungen, ahnungslose Laptop Besitzerin CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.03.2012, 14:07
| #17 |
 | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop BesitzerinCode:
ATTFilter OTL logfile created on: 27.03.2012 11:26:24 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sabrina\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19190) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,21% Memory free 6,21 Gb Paging File | 4,96 Gb Available in Paging File | 79,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,29 Gb Total Space | 25,72 Gb Free Space | 22,12% Space Free | Partition Type: NTFS Drive E: | 115,13 Gb Total Space | 102,30 Gb Free Space | 88,86% Space Free | Partition Type: NTFS Computer Name: BINAS-PC | User Name: Sabrina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.25 21:08:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\OTL.exe PRC - [2012.02.25 16:29:48 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.06 18:21:24 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe PRC - [2011.12.06 18:21:08 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe PRC - [2011.11.22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2011.11.18 17:36:42 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe PRC - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.02.25 16:29:48 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.03.26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL MOD - [2009.02.06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL MOD - [2008.04.07 21:59:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem) Google Update-Dienst (gupdatem) SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate) Google Update Service (gupdate) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.06 18:21:24 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV - [2011.12.06 18:21:08 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2011.11.18 17:36:42 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2011.10.18 17:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2009.11.21 14:55:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2009.11.14 13:37:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService) SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2007.10.30 01:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Sabrina\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.10.15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2011.10.15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2011.10.15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2011.10.15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2011.10.15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2011.10.15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2011.10.15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV - [2011.10.15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2011.10.15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2010.04.19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2009.10.15 18:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI) DRV - [2009.09.16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009.09.16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm) DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM) DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl) DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex) DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) DRV - [2009.04.20 10:41:38 | 000,804,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud) DRV - [2008.07.18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008.04.18 01:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.04.08 02:24:20 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.02.15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.11.09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007.08.31 18:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2005.01.19 11:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Labtec WebCam(PID_0928) DRV - [2005.01.19 11:11:16 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKLM\..\SearchScopes,DefaultScope = {F3FBB9CB-6D2D-416C-A5F5-BF098C676B40} IE - HKLM\..\SearchScopes\{F3FBB9CB-6D2D-416C-A5F5-BF098C676B40}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA; IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={397F087D-DA3D-4442-8FE4-941CDB0E6F2F}&mid=31ebcf19351f430d8ff84e06781f1110-22c19b33995470c8b6c3d849a9229e006eb3ab9d&lang=de&ds=AVG&pr=fr&d=2012-03-04 13:36:16&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{C9F333E8-D232-41B5-B695-484B45E14879}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1 IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{F3FBB9CB-6D2D-416C-A5F5-BF098C676B40}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA; IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bddfa1ce5-90b8-49ea-9cbe-e4bf53c16c39%7D&mid=31ebcf19351f430d8ff84e06781f1110-22c19b33995470c8b6c3d849a9229e006eb3ab9d&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2012-03-04%2013%3A36%3A16&sap=ku&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Sabrina\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.23 08:54:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.23 08:54:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.03.27 11:24:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.03.22 19:48:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.25 16:29:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.04 22:05:14 | 000,000,000 | ---D | M] [2010.08.10 17:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Extensions [2012.02.08 21:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\382g54k6.default\extensions [2010.08.11 22:30:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\382g54k6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.27 21:23:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\382g54k6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.10 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions [2010.08.09 18:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.09 18:53:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2010.08.09 20:29:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.08.09 18:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.08.09 20:29:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.12.11 17:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.12.11 17:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions [2011.12.11 17:24:34 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de [2012.03.27 11:24:44 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE [2012.03.22 19:48:02 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR () (No name found) -- C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.02.25 16:29:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.25 16:29:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.04 14:36:12 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.02.25 16:29:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.25 16:29:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.25 16:29:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.25 16:29:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.25 16:29:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - Extension: DivX HiQ = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ O1 HOSTS File: ([2012.03.22 19:28:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120322184642.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found. O4 - HKLM..\Run: [00TCrdMain] E File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATICustomerCare] E" File not found O4 - HKLM..\Run: [CanonMyPrinter] E /LOGON File not found O4 - HKLM..\Run: [CanonSolutionMenu] E /LOGON File not found O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [DivXUpdate] E" /CHECKNOW File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Module Loader] E -STARTUPRUN File not found O4 - HKLM..\Run: [QuickTime Task] E" -ATBOOTTIME File not found O4 - HKLM..\Run: [ROC_roc_dec12] E" /PROMPT /CMPID=ROC_DEC12 File not found O4 - HKLM..\Run: [RtHDVCpl] E File not found O4 - HKLM..\Run: [SmoothView] E File not found O4 - HKLM..\Run: [StartCCC] E" File not found O4 - HKLM..\Run: [SynTPEnh] E File not found O4 - HKLM..\Run: [Toshiba Registration] E File not found O4 - HKLM..\Run: [Toshiba TEMPO] E File not found O4 - HKLM..\Run: [TPwrMain] E File not found O4 - HKLM..\Run: [VolPanel] E" /R File not found O4 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sabrina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EAC42DB-58CB-4FE0-89B6-DE46D347F004}: DhcpNameServer = 10.111.81.129 10.129.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC64AF2-4D53-4CB6-A1AD-20DBBCFB3027}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC64AF2-4D53-4CB6-A1AD-20DBBCFB3027}: NameServer = 192.168.2.1 O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet: Messenger - Service SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Labtec Inc.) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.25 21:08:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\OTL.exe [2012.03.24 09:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.03.23 22:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.23 22:15:27 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.23 22:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.22 19:54:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.03.22 19:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.03.22 19:46:41 | 000,009,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys [2012.03.22 19:46:23 | 000,338,176 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys [2012.03.22 19:46:23 | 000,180,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys [2012.03.22 19:46:23 | 000,165,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys [2012.03.22 19:46:23 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys [2012.03.22 19:46:23 | 000,064,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys [2012.03.22 19:46:23 | 000,059,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys [2012.03.22 19:46:22 | 000,057,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys [2012.03.22 19:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee [2012.03.22 19:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com [2012.03.22 19:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee [2012.03.22 19:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.03.22 19:37:32 | 000,150,856 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe [2012.03.22 19:32:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.03.22 19:32:09 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.03.22 19:32:09 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\temp [2012.03.22 16:16:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.03.22 16:16:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.03.22 16:16:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.03.22 16:16:12 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.03.18 17:09:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.03.14 23:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.14 23:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.14 23:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.14 23:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.03.14 23:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.03.14 08:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.03.13 21:34:01 | 000,000,000 | -HSD | C] -- C:\Users\Sabrina\AppData\Local\a28aa113 [2012.03.04 14:53:22 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\AVG2012 [2012.03.04 14:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.27 11:19:29 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.27 11:19:29 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.27 11:19:29 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.27 11:19:29 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.26 21:30:47 | 000,058,368 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.25 21:08:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\OTL.exe [2012.03.24 17:52:36 | 000,000,680 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\d3d9caps.dat [2012.03.24 17:52:34 | 000,000,552 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\d3d8caps.dat [2012.03.23 22:15:43 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.22 20:13:29 | 000,000,411 | ---- | M] () -- C:\Users\Sabrina\Desktop\Sammelordner - Verknüpfung.lnk [2012.03.22 19:48:41 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk [2012.03.22 19:28:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.03.14 23:16:45 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.14 11:20:36 | 000,000,000 | ---- | M] () -- C:\Users\Sabrina\defogger_reenable [2012.03.11 20:19:16 | 000,000,000 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\TS3Patch.lck [2012.03.01 15:26:53 | 000,000,680 | RHS- | M] () -- C:\Users\Sabrina\ntuser.pol [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.24 17:52:34 | 000,000,552 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\d3d8caps.dat [2012.03.23 22:15:43 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.22 20:13:31 | 000,000,411 | ---- | C] () -- C:\Users\Sabrina\Desktop\Sammelordner - Verknüpfung.lnk [2012.03.22 19:48:41 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk [2012.03.22 16:16:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.03.22 16:16:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.03.22 16:16:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.03.22 16:16:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.03.22 16:16:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.03.14 23:16:45 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.14 11:20:36 | 000,000,000 | ---- | C] () -- C:\Users\Sabrina\defogger_reenable [2012.03.11 20:19:16 | 000,000,000 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\TS3Patch.lck [2012.03.01 15:26:02 | 000,000,680 | RHS- | C] () -- C:\Users\Sabrina\ntuser.pol [2011.04.17 16:05:29 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010.08.27 16:06:22 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll ========== LOP Check ========== [2012.03.01 15:28:18 | 000,000,000 | ---D | M] -- C:\Users\Jack Frank\AppData\Roaming\AVG10 [2012.03.04 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Jack Frank\AppData\Roaming\AVG2012 [2010.02.14 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Amazon [2009.09.12 21:24:39 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Audacity [2010.11.13 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVG10 [2012.03.04 14:53:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVG2012 [2010.07.03 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Canon [2011.12.27 21:24:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\DVDVideoSoft [2011.12.27 21:23:49 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.27 15:03:46 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Foxit Software [2011.04.17 16:05:33 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\FreeAudioPack [2011.01.23 18:56:53 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\gtk-2.0 [2009.02.24 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Inkscape [2012.03.04 13:45:20 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\IrfanView [2009.08.10 13:01:27 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\MAGIX [2010.08.27 15:15:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\OpenOffice.org [2009.06.13 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Opera [2012.02.12 13:31:48 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Origin [2011.01.13 22:31:53 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\PhotoScape [2011.02.12 17:23:09 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Software4u [2010.01.18 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony [2010.01.18 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony Setup [2010.11.28 00:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\SYBEX.eurofahrschule2010.9151FF1C04D985321FBE252CD7DD9485437B0213.1 [2009.08.08 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Teleca [2011.04.06 22:09:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Template [2009.02.23 12:25:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Toshiba [2012.03.26 23:00:30 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.01.24 13:31:49 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Adobe [2010.02.14 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Amazon [2012.03.14 23:19:57 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Apple Computer [2009.01.31 18:23:53 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\ATI [2009.09.12 21:24:39 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Audacity [2010.11.13 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVG10 [2012.03.04 14:53:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVG2012 [2009.05.10 22:12:27 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVS4YOU [2010.07.03 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Canon [2009.11.14 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Creative [2011.01.16 18:11:37 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\DivX [2011.12.27 21:24:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\DVDVideoSoft [2011.12.27 21:23:49 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.27 15:03:46 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Foxit Software [2011.04.17 16:05:33 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\FreeAudioPack [2009.01.31 18:49:24 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Google [2011.01.23 18:56:53 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\gtk-2.0 [2009.01.31 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Identities [2009.02.24 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Inkscape [2012.03.04 13:45:20 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\IrfanView [2009.01.31 19:06:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Macromedia [2009.08.10 13:01:27 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\MAGIX [2010.08.08 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Media Center Programs [2010.11.13 13:21:31 | 000,000,000 | --SD | M] -- C:\Users\Sabrina\AppData\Roaming\Microsoft [2010.08.10 17:48:42 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Mozilla [2010.08.27 15:15:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\OpenOffice.org [2009.06.13 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Opera [2012.02.12 13:31:48 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Origin [2011.01.13 22:31:53 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\PhotoScape [2009.03.27 01:31:19 | 000,000,000 | RH-D | M] -- C:\Users\Sabrina\AppData\Roaming\SecuROM [2010.09.29 22:13:21 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Skype [2010.09.29 21:06:06 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\skypePM [2011.02.12 17:23:09 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Software4u [2010.01.18 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony [2009.02.01 23:00:40 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony Ericsson [2010.01.18 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony Setup [2010.11.28 00:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\SYBEX.eurofahrschule2010.9151FF1C04D985321FBE252CD7DD9485437B0213.1 [2009.08.08 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Teleca [2011.04.06 22:09:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Template [2009.02.23 12:25:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Toshiba [2009.02.06 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.06.08 08:58:08 | 000,010,134 | R--- | M] () -- C:\Users\Sabrina\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2010.08.27 15:17:44 | 000,583,168 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\EF1.tmp_\sun-pdfimport.oxt\xpdfimport.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys [2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys [2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys [2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\Druckumgebung] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\Eigene Dateien] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\Lokale Einstellungen] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\Netzwerkumgebung] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\Recent] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\SendTo] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\Startmenü] -> Error: Cannot create file handle -> Unknown point type [C:\Windows\System32\config\systemprofile\Vorlagen] -> Error: Cannot create file handle -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > Geändert von Sabrina155 (27.03.2012 um 14:14 Uhr) Grund: CODE-Tag geschlossen |
|
27.03.2012, 14:17
| #18 |
| | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop BesitzerinCode:
ATTFilter OTL Extras logfile created on: 27.03.2012 11:26:24 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sabrina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,21% Memory free
6,21 Gb Paging File | 4,96 Gb Available in Paging File | 79,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 25,72 Gb Free Space | 22,12% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 102,30 Gb Free Space | 88,86% Space Free | Partition Type: NTFS
Computer Name: BINAS-PC | User Name: Sabrina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
[HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{104237F3-AB93-48E3-A092-18B38ED2786F}" = rport=445 | protocol=6 | dir=out | app=system |
"{1054B5DD-6A6C-476A-A793-A265EECBBC76}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{151FB4E8-8340-4177-9A19-F8FF50C35343}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{160470B3-AD48-4602-A32A-69DCC030EBF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{268A2E09-94B0-4A7B-8014-1A4598CBCF21}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{309E3ECA-E5B9-4A6D-8D26-00BCCD21B8AE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{312A5115-1596-4B2D-9DDF-7E6B4F4D45DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{547F48FD-DFF8-4390-A775-5A8061001C20}" = lport=137 | protocol=17 | dir=in | app=system |
"{557C8C15-C900-4F67-990D-CBCD0F5D1B4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56B1E6B2-8558-44BC-A07B-CEFB061E1827}" = lport=138 | protocol=17 | dir=in | app=system |
"{596CD246-E267-402D-B4B6-25D84B0E5210}" = rport=138 | protocol=17 | dir=out | app=system |
"{65F0C2DE-0B91-40D9-89C4-0C030F1E3185}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A35D989-E976-474F-AED7-B2C3CCB3B8F7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8032A516-D65A-4B51-A8D5-1788CFEDFDFB}" = lport=139 | protocol=6 | dir=in | app=system |
"{8051F23C-0736-4961-8DD0-8DAD4261A0F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83BA94AF-AB65-4188-A477-2CA85BDEE69F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{85343040-8DA4-4A74-BAFC-6C158BB30737}" = lport=2869 | protocol=6 | dir=in | app=system |
"{900101FA-303F-40AB-B9BB-633B19FFA14B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CA19EB8-80C1-4349-B49C-8CD06405D0F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A828756C-0440-41BC-89C6-98E15A40150F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AE803DC1-BC82-4B06-B973-637B1C962CA5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C9F60E2C-E098-4317-9BB6-F94A231C4346}" = lport=445 | protocol=6 | dir=in | app=system |
"{CB1EE25A-D1BE-4312-AB33-E310A35FE7E4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D9319571-D976-46E6-BCA0-908E5381D291}" = rport=139 | protocol=6 | dir=out | app=system |
"{E5757597-8B12-44EC-BCDF-1D17F9172AAC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EEB8551D-B992-4F98-8438-7F5C423C1D08}" = rport=2869 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A8226D-BEE2-45F5-8759-7D6D384D0EDA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{082F1D9F-D47F-4408-85DC-F48B77BFBD42}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1E80D845-AFDE-4539-8678-D57F37DC4F32}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{22C551C9-0534-4CF7-9EDD-FBC2653317EE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{28036563-9E4B-42CD-9F45-FA9AEB193C42}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{361C130B-79A7-4F44-8E39-557BC3A702A4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{3C1A0C5A-3AE6-49A7-8FBA-1D2E6A33C5BA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{49A14D9F-DF9A-4AF2-92CC-437C8FF47A64}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{4F7F4E65-EA91-4972-B207-1F8B90153A03}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{56C32CD8-7112-471E-B3E3-7916213A9E4C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5821748C-6D39-4F3F-9F6A-066DDB9D0B25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7818C439-5DDA-4BB0-A7B9-0361E7404AD7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{7B818882-2E1D-4105-BFBE-7D73AE772966}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{7FAEEE3E-8DE8-479F-9CFE-40ED84FF83F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{820ED8FC-672D-4D0D-8055-5C9591E5124B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{895EFCA9-D51B-4EDA-BDB8-F2B921382F12}" = protocol=17 | dir=in | app=e:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{8D169EA1-F28A-40A1-A5F1-CB1D379C528C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{984A9F69-82BE-429F-BD4C-8AEC610F9A1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{986E81AB-DF7F-41C4-B6CE-11E3AEB81F99}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe |
"{99BE8696-F6C5-43E7-B489-6A4DB6955508}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe |
"{A2AEE2F9-1667-4993-88DD-9A9EE3D347D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A96637E8-6BB8-4DDA-93E5-F6C35F31F2F7}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe |
"{B0956CBF-E0C3-4E20-893C-0CC6C3FADC80}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe |
"{B1DE394E-71B2-422E-8900-B476E6E852AD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B8252693-537B-49ED-B71A-B6111A24E408}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C459C01B-32BA-44E8-8664-B823D40BC49B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{CA45FEAB-1369-45C8-8DCA-CBE8FAB28AFD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3139214-EF98-43FE-A4FD-3D39A5287F8B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E32CCD98-55BD-45AD-83AE-38B20D7782DE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E4B38D3E-66B1-459E-B22F-E70E113AA915}" = protocol=6 | dir=in | app=e:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{FA2B80B2-367B-4303-9448-9A64C633485A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FBE7DBA6-E674-42A2-A3AE-CEB9C2ADED85}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FD572625-2BC6-4234-8D30-5AC14D6F2BF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{20112835-0FA1-46A0-BC83-607512491A77}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2BFE1F7C-DA55-4B69-82DE-5AC1F60AE493}E:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{37BE4E25-39AF-46CF-83CC-199C9BB08B8F}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{A65A0C52-9700-4A12-AC59-DDE4F19E7B8C}E:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{AEEF400B-55D4-47BD-AE6F-0A7CF8B900D6}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{D6653F3B-FC03-47F0-B7B3-1744617DC722}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{068AB5B3-921F-450F-A5DB-08284A908708}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7720361D-51C8-438C-B1B4-97FBD7ABEF60}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{7D4AE556-3F93-40A5-AA89-3EE7292A42F9}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{7E96CADE-BC28-4DD7-9343-9DF660113E42}E:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{C133F016-2287-41C8-97C2-8287DA8B8D53}E:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"UDP Query User{EB395364-0EEE-47B4-ABF1-D7EA9B1D09F4}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{12E80513-E131-EEB9-56E1-AAB7850B7151}" = ATI Stream SDK v2 Developer
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{8018AD38-3EBB-A031-D4F8-EF6A5952F168}" = ATI Catalyst Install Manager
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSC" = McAfee Internet Security Suite
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"Origin" = Origin
"Revo Uninstaller" = Revo Uninstaller 1.89
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative Systeminformationen
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 27.03.2012 05:10:41 | Computer Name = Binas-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.03.2012 05:17:27 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3600 (0xe10) Thread address : 0x77C45CD4 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\System32\msfeeds.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 27.03.2012 05:19:29 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3448 (0xd78) Thread address : 0x77C45CD4 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\System32\odbc32.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 27.03.2012 05:19:36 | Computer Name = Binas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung McSvHost.exe, Version 2.0.230.0, Zeitstempel
0x4d41ff35, fehlerhaftes Modul naiann.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4d545190, Ausnahmecode 0xc0000005, Fehleroffset 0x690f0296, Prozess-ID 0x7d0,
Anwendungsstartzeit 01c84bf8b5837ff6.
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3152 (0xc50) Thread address : 0x77C45CD4 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\System32\inetcpl.cpl
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3436 (0xd6c) Thread address : 0x77C45CD4 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\System32\inetcpl.cpl
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2352 (0x930) Thread address : 0x77C45CD4 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Common
Files\Mcafee\McSvcHost\McSvHost.exe by C:\Windows\system32\services.exe 4(0)(0)
4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5380 (0x1504) Thread address : 0x77C45CD4 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\system32\schedsvc.dll
by C:\Windows\System32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5468 (0x155c) Thread address : 0x77C45CD4 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\System32\taskeng.exe
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(16)(0) 4(16)(0)
7200(16)(0) 7595(16)(0) 7005(16)(0) 7004(16)(0) 5006(0)(0) 5004(0)(0)
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5568 (0x15c0) Thread address : 0x77C45CD4 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\system32\de-DE\kernel32.dll.mui
by C:\Windows\system32\wermgr.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
7004(0)(0) 5006(0)(0) 5004(0)(0)
[ System Events ]
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 27.03.2012 05:20:20 | Computer Name = Binas-PC | Source = DCOM | ID = 10010
Description =
Error - 27.03.2012 05:24:14 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 27.03.2012 05:24:14 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 27.03.2012 05:24:19 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
< End of report >
 |
|
27.03.2012, 14:29
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop Besitzerin Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={397F087D-DA3D-4442-8FE4-941CDB0E6F2F}&mid=31ebcf19351f430d8ff84e06781f1110-22c19b33995470c8b6c3d849a9229e006eb3ab9d&lang=de&ds=AVG&pr=fr&d=2012-03-04 13:36:16&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{C9F333E8-D232-41B5-B695-484B45E14879}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{F3FBB9CB-6D2D-416C-A5F5-BF098C676B40}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR - Extension: DivX HiQ = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] E File not found
O4 - HKLM..\Run: [ATICustomerCare] E" File not found
O4 - HKLM..\Run: [CanonMyPrinter] E /LOGON File not found
O4 - HKLM..\Run: [CanonSolutionMenu] E /LOGON File not found
O4 - HKLM..\Run: [DivXUpdate] E" /CHECKNOW File not found
O4 - HKLM..\Run: [Module Loader] E -STARTUPRUN File not found
O4 - HKLM..\Run: [QuickTime Task] E" -ATBOOTTIME File not found
O4 - HKLM..\Run: [ROC_roc_dec12] E" /PROMPT /CMPID=ROC_DEC12 File not found
O4 - HKLM..\Run: [RtHDVCpl] E File not found
O4 - HKLM..\Run: [SmoothView] E File not found
O4 - HKLM..\Run: [StartCCC] E" File not found
O4 - HKLM..\Run: [SynTPEnh] E File not found
O4 - HKLM..\Run: [Toshiba Registration] E File not found
O4 - HKLM..\Run: [Toshiba TEMPO] E File not found
O4 - HKLM..\Run: [TPwrMain] E File not found
O4 - HKLM..\Run: [VolPanel] E" /R File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files
C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Verlauf
C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten
C:\Users\Sabrina\AppData\Local\a28aa113
C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files
C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf
C:\Windows\System32\config\systemprofile\Cookies
C:\Windows\System32\config\systemprofile\Druckumgebung
C:\Windows\System32\config\systemprofile\Eigene Dateien
C:\Windows\System32\config\systemprofile\Lokale Einstellungen
C:\Windows\System32\config\systemprofile\Netzwerkumgebung
C:\Windows\System32\config\systemprofile\Recent
C:\Windows\System32\config\systemprofile\SendTo
C:\Windows\System32\config\systemprofile\Startmenü
C:\Windows\System32\config\systemprofile\Vorlagen
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2012, 16:32
| #20 |
| | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop BesitzerinCode:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C9F333E8-D232-41B5-B695-484B45E14879}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9F333E8-D232-41B5-B695-484B45E14879}\ not found.
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F3FBB9CB-6D2D-416C-A5F5-BF098C676B40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FBB9CB-6D2D-416C-A5F5-BF098C676B40}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\zh_TW folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\zh_CN folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\pt_BR folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\ja folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\fr folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\es folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\en folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\de folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\images folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0 folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\zh_TW folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\zh_CN folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\pt_BR folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\ja folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\fr folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\es folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\en folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\de folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
File C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
File C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry value HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\00TCrdMain deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ATICustomerCare deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CanonMyPrinter deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CanonSolutionMenu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Module Loader deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RtHDVCpl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SmoothView deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SynTPEnh deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Toshiba Registration deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Toshiba TEMPO deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TPwrMain deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VolPanel deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver folder moved successfully.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten folder moved successfully.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
C:\Users\Sabrina\AppData\Local\a28aa113\U folder moved successfully.
C:\Users\Sabrina\AppData\Local\a28aa113 folder moved successfully.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Druckumgebung scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Eigene Dateien scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Lokale Einstellungen scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Netzwerkumgebung scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Recent scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\SendTo scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Startmenü scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Vorlagen scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jack Frank
->Temp folder emptied: 499380 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 146199973 bytes
->Flash cache emptied: 61223 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Sabrina
->Temp folder emptied: 33738 bytes
->Temporary Internet Files folder emptied: 414510 bytes
->Java cache emptied: 36718 bytes
->FireFox cache emptied: 389722935 bytes
->Google Chrome cache emptied: 64980389 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 18882 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71368 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 574,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 03272012_162828
Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten not found!
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Druckumgebung scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Eigene Dateien scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Lokale Einstellungen scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Netzwerkumgebung scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Recent scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\SendTo scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Startmenü scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Vorlagen scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
|
27.03.2012, 19:26
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop Besitzerin Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> Trojaner generic.26? Viele Meldungen, ahnungslose Laptop Besitzerin |
|
27.03.2012, 21:10
| #22 |
| | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop BesitzerinCode:
ATTFilter 22:04:42.0850 5736 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:04:44.0855 5736 ============================================================
22:04:44.0855 5736 Current date / time: 2012/03/27 22:04:44.0855
22:04:44.0855 5736 SystemInfo:
22:04:44.0855 5736
22:04:44.0855 5736 OS Version: 6.0.6002 ServicePack: 2.0
22:04:44.0855 5736 Product type: Workstation
22:04:44.0856 5736 ComputerName: BINAS-PC
22:04:44.0856 5736 UserName: Sabrina
22:04:44.0856 5736 Windows directory: C:\Windows
22:04:44.0856 5736 System windows directory: C:\Windows
22:04:44.0856 5736 Processor architecture: Intel x86
22:04:44.0856 5736 Number of processors: 2
22:04:44.0856 5736 Page size: 0x1000
22:04:44.0856 5736 Boot type: Normal boot
22:04:44.0856 5736 ============================================================
22:04:47.0388 5736 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:04:47.0463 5736 \Device\Harddisk0\DR0:
22:04:47.0496 5736 MBR used
22:04:47.0496 5736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xE893000
22:04:47.0496 5736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEB81800, BlocksNum 0xE643970
22:04:47.0922 5736 Initialize success
22:04:47.0922 5736 ============================================================
22:05:10.0523 6024 ============================================================
22:05:10.0523 6024 Scan started
22:05:10.0523 6024 Mode: Manual; SigCheck; TDLFS;
22:05:10.0523 6024 ============================================================
22:05:11.0044 6024 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:05:11.0294 6024 ACPI - ok
22:05:11.0446 6024 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:05:11.0512 6024 adp94xx - ok
22:05:11.0568 6024 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:05:11.0601 6024 adpahci - ok
22:05:11.0636 6024 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:05:11.0666 6024 adpu160m - ok
22:05:11.0693 6024 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:05:11.0724 6024 adpu320 - ok
22:05:11.0780 6024 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
22:05:11.0860 6024 AeLookupSvc - ok
22:05:11.0925 6024 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:05:11.0993 6024 AFD - ok
22:05:12.0080 6024 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
22:05:12.0290 6024 AgereSoftModem - ok
22:05:12.0347 6024 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:05:12.0375 6024 agp440 - ok
22:05:12.0396 6024 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:05:12.0425 6024 aic78xx - ok
22:05:12.0464 6024 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
22:05:12.0552 6024 ALG - ok
22:05:12.0584 6024 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:05:12.0610 6024 aliide - ok
22:05:12.0674 6024 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:05:12.0702 6024 amdagp - ok
22:05:12.0735 6024 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:05:12.0760 6024 amdide - ok
22:05:12.0787 6024 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:05:12.0856 6024 AmdK7 - ok
22:05:12.0880 6024 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:05:12.0948 6024 AmdK8 - ok
22:05:13.0014 6024 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
22:05:13.0063 6024 Appinfo - ok
22:05:13.0190 6024 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:05:13.0216 6024 Apple Mobile Device - ok
22:05:13.0340 6024 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:05:13.0367 6024 arc - ok
22:05:13.0425 6024 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:05:13.0451 6024 arcsas - ok
22:05:13.0496 6024 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:05:13.0551 6024 AsyncMac - ok
22:05:13.0589 6024 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:05:13.0616 6024 atapi - ok
22:05:13.0697 6024 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
22:05:13.0860 6024 athr - ok
22:05:13.0937 6024 Ati External Event Utility (54d715af597c06e87418c50f481bdd2c) C:\Windows\system32\Ati2evxx.exe
22:05:14.0086 6024 Ati External Event Utility - ok
22:05:14.0279 6024 atikmdag (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
22:05:14.0448 6024 atikmdag - ok
22:05:14.0524 6024 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:05:14.0578 6024 AudioEndpointBuilder - ok
22:05:14.0602 6024 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:05:14.0654 6024 Audiosrv - ok
22:05:14.0736 6024 AVG Security Toolbar Service - ok
22:05:14.0832 6024 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:05:14.0902 6024 Beep - ok
22:05:14.0982 6024 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
22:05:15.0114 6024 BFE - ok
22:05:15.0189 6024 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
22:05:15.0271 6024 BITS - ok
22:05:15.0319 6024 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:05:15.0393 6024 blbdrive - ok
22:05:15.0479 6024 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:05:15.0513 6024 Bonjour Service - ok
22:05:15.0572 6024 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:05:15.0642 6024 bowser - ok
22:05:15.0706 6024 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:05:15.0759 6024 BrFiltLo - ok
22:05:15.0782 6024 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:05:15.0828 6024 BrFiltUp - ok
22:05:15.0871 6024 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
22:05:15.0927 6024 Browser - ok
22:05:15.0952 6024 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:05:16.0044 6024 Brserid - ok
22:05:16.0076 6024 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:05:16.0167 6024 BrSerWdm - ok
22:05:16.0198 6024 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:05:16.0298 6024 BrUsbMdm - ok
22:05:16.0324 6024 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:05:16.0416 6024 BrUsbSer - ok
22:05:16.0439 6024 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:05:16.0531 6024 BTHMODEM - ok
22:05:16.0635 6024 catchme - ok
22:05:16.0670 6024 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:05:16.0726 6024 cdfs - ok
22:05:16.0759 6024 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:05:16.0807 6024 cdrom - ok
22:05:16.0870 6024 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:05:16.0930 6024 CertPropSvc - ok
22:05:17.0019 6024 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys
22:05:17.0095 6024 cfwids - ok
22:05:17.0135 6024 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:05:17.0196 6024 circlass - ok
22:05:17.0228 6024 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:05:17.0267 6024 CLFS - ok
22:05:17.0349 6024 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:05:17.0375 6024 clr_optimization_v2.0.50727_32 - ok
22:05:17.0429 6024 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:05:17.0473 6024 clr_optimization_v4.0.30319_32 - ok
22:05:17.0574 6024 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:05:17.0632 6024 CmBatt - ok
22:05:17.0655 6024 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:05:17.0679 6024 cmdide - ok
22:05:17.0701 6024 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:05:17.0726 6024 Compbatt - ok
22:05:17.0738 6024 COMSysApp - ok
22:05:17.0826 6024 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
22:05:17.0849 6024 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
22:05:17.0849 6024 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
22:05:17.0878 6024 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:05:17.0903 6024 crcdisk - ok
22:05:17.0986 6024 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
22:05:18.0003 6024 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:05:18.0003 6024 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:05:18.0047 6024 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
22:05:18.0073 6024 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:05:18.0074 6024 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:05:18.0138 6024 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:05:18.0209 6024 Crusoe - ok
22:05:18.0284 6024 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
22:05:18.0332 6024 CryptSvc - ok
22:05:18.0430 6024 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
22:05:18.0447 6024 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
22:05:18.0447 6024 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
22:05:18.0524 6024 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:05:18.0594 6024 DcomLaunch - ok
22:05:18.0645 6024 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:05:18.0723 6024 DfsC - ok
22:05:18.0837 6024 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
22:05:19.0022 6024 DFSR - ok
22:05:19.0099 6024 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
22:05:19.0149 6024 Dhcp - ok
22:05:19.0207 6024 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:05:19.0235 6024 disk - ok
22:05:19.0285 6024 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
22:05:19.0333 6024 Dnscache - ok
22:05:19.0368 6024 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
22:05:19.0431 6024 dot3svc - ok
22:05:19.0493 6024 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
22:05:19.0551 6024 DPS - ok
22:05:19.0620 6024 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:05:19.0666 6024 drmkaud - ok
22:05:19.0729 6024 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:05:19.0791 6024 DXGKrnl - ok
22:05:19.0836 6024 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:05:19.0895 6024 E1G60 - ok
22:05:19.0940 6024 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
22:05:19.0987 6024 EapHost - ok
22:05:20.0058 6024 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:05:20.0090 6024 Ecache - ok
22:05:20.0147 6024 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
22:05:20.0186 6024 ehRecvr - ok
22:05:20.0198 6024 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
22:05:20.0257 6024 ehSched - ok
22:05:20.0263 6024 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
22:05:20.0300 6024 ehstart - ok
22:05:20.0374 6024 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:05:20.0416 6024 elxstor - ok
22:05:20.0495 6024 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
22:05:20.0584 6024 EMDMgmt - ok
22:05:20.0622 6024 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:05:20.0687 6024 ErrDev - ok
22:05:20.0755 6024 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
22:05:20.0807 6024 EventSystem - ok
22:05:20.0887 6024 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:05:20.0953 6024 exfat - ok
22:05:20.0987 6024 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:05:21.0047 6024 fastfat - ok
22:05:21.0122 6024 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:05:21.0177 6024 fdc - ok
22:05:21.0211 6024 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
22:05:21.0268 6024 fdPHost - ok
22:05:21.0284 6024 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
22:05:21.0378 6024 FDResPub - ok
22:05:21.0423 6024 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:05:21.0448 6024 FileInfo - ok
22:05:21.0473 6024 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:05:21.0543 6024 Filetrace - ok
22:05:21.0564 6024 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:05:21.0621 6024 flpydisk - ok
22:05:21.0664 6024 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:05:21.0696 6024 FltMgr - ok
22:05:21.0770 6024 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
22:05:21.0839 6024 FontCache - ok
22:05:21.0896 6024 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:05:21.0920 6024 FontCache3.0.0.0 - ok
22:05:21.0959 6024 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:05:22.0004 6024 Fs_Rec - ok
22:05:22.0063 6024 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
22:05:22.0124 6024 FwLnk - ok
22:05:22.0145 6024 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:05:22.0171 6024 gagp30kx - ok
22:05:22.0229 6024 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:05:22.0251 6024 GEARAspiWDM - ok
22:05:22.0303 6024 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
22:05:22.0413 6024 gpsvc - ok
22:05:22.0446 6024 gupdate - ok
22:05:22.0474 6024 gupdatem - ok
22:05:22.0533 6024 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:05:22.0639 6024 HdAudAddService - ok
22:05:22.0692 6024 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:05:22.0776 6024 HDAudBus - ok
22:05:22.0802 6024 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:05:22.0893 6024 HidBth - ok
22:05:22.0914 6024 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:05:23.0012 6024 HidIr - ok
22:05:23.0046 6024 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
22:05:23.0095 6024 hidserv - ok
22:05:23.0124 6024 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:05:23.0169 6024 HidUsb - ok
22:05:23.0201 6024 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
22:05:23.0260 6024 hkmsvc - ok
22:05:23.0287 6024 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:05:23.0312 6024 HpCISSs - ok
22:05:23.0357 6024 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:05:23.0443 6024 HTTP - ok
22:05:23.0486 6024 hwdatacard - ok
22:05:23.0534 6024 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:05:23.0560 6024 i2omp - ok
22:05:23.0655 6024 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:05:23.0718 6024 i8042prt - ok
22:05:23.0759 6024 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
22:05:23.0788 6024 iaStor - ok
22:05:23.0834 6024 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:05:23.0869 6024 iaStorV - ok
22:05:23.0970 6024 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:05:24.0100 6024 idsvc - ok
22:05:24.0129 6024 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:05:24.0156 6024 iirsp - ok
22:05:24.0219 6024 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
22:05:24.0277 6024 IKEEXT - ok
22:05:24.0400 6024 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
22:05:24.0592 6024 IntcAzAudAddService - ok
22:05:24.0647 6024 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:05:24.0672 6024 intelide - ok
22:05:24.0722 6024 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:05:24.0786 6024 intelppm - ok
22:05:24.0829 6024 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
22:05:24.0898 6024 IPBusEnum - ok
22:05:24.0939 6024 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:05:25.0002 6024 IpFilterDriver - ok
22:05:25.0042 6024 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
22:05:25.0093 6024 iphlpsvc - ok
22:05:25.0113 6024 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:05:25.0178 6024 IPMIDRV - ok
22:05:25.0208 6024 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:05:25.0266 6024 IPNAT - ok
22:05:25.0361 6024 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
22:05:25.0411 6024 iPod Service - ok
22:05:25.0449 6024 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:05:25.0505 6024 IRENUM - ok
22:05:25.0531 6024 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:05:25.0558 6024 isapnp - ok
22:05:25.0601 6024 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:05:25.0635 6024 iScsiPrt - ok
22:05:25.0656 6024 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:05:25.0680 6024 iteatapi - ok
22:05:25.0699 6024 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:05:25.0724 6024 iteraid - ok
22:05:25.0837 6024 jswpsapi (723ba0aec942e91c0a9ce146e73deceb) C:\Program Files\Jumpstart\jswpsapi.exe
22:05:25.0911 6024 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
22:05:25.0912 6024 jswpsapi - detected UnsignedFile.Multi.Generic (1)
22:05:25.0935 6024 jswpslwf (7e72514a3a1c5a9f3bff0660b3866c2b) C:\Windows\system32\DRIVERS\jswpslwf.sys
22:05:25.0983 6024 jswpslwf - ok
22:05:26.0017 6024 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:05:26.0044 6024 kbdclass - ok
22:05:26.0060 6024 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
22:05:26.0124 6024 kbdhid - ok
22:05:26.0164 6024 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:05:26.0214 6024 KeyIso - ok
22:05:26.0273 6024 ksaud (2be8c28f2139c9b767c970497936f600) C:\Windows\system32\drivers\ksaud.sys
22:05:26.0352 6024 ksaud - ok
22:05:26.0404 6024 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:05:26.0448 6024 KSecDD - ok
22:05:26.0507 6024 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
22:05:26.0574 6024 KtmRm - ok
22:05:26.0608 6024 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
22:05:26.0661 6024 LanmanServer - ok
22:05:26.0698 6024 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
22:05:26.0753 6024 LanmanWorkstation - ok
22:05:26.0811 6024 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:05:26.0866 6024 lltdio - ok
22:05:26.0902 6024 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
22:05:26.0966 6024 lltdsvc - ok
22:05:26.0994 6024 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
22:05:27.0101 6024 lmhosts - ok
22:05:27.0133 6024 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:05:27.0161 6024 LSI_FC - ok
22:05:27.0193 6024 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:05:27.0219 6024 LSI_SAS - ok
22:05:27.0262 6024 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:05:27.0291 6024 LSI_SCSI - ok
22:05:27.0317 6024 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:05:27.0384 6024 luafv - ok
22:05:27.0462 6024 LVUSBSta (c7fcb579956b7fde002e6e9de36728d3) C:\Windows\system32\drivers\lvusbsta.sys
22:05:27.0520 6024 LVUSBSta - ok
22:05:27.0587 6024 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
22:05:27.0609 6024 MBAMProtector - ok
22:05:27.0691 6024 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:05:27.0738 6024 MBAMService - ok
22:05:27.0884 6024 McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:27.0912 6024 McAfee SiteAdvisor Service - ok
22:05:27.0923 6024 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:27.0949 6024 McMPFSvc - ok
22:05:27.0960 6024 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:27.0986 6024 mcmscsvc - ok
22:05:27.0996 6024 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:28.0022 6024 McNaiAnn - ok
22:05:28.0048 6024 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:28.0074 6024 McNASvc - ok
22:05:28.0186 6024 McODS (e8c5aae17e8332f5f4f57935238cd5eb) C:\Program Files\McAfee\VirusScan\mcods.exe
22:05:28.0219 6024 McODS - ok
22:05:28.0231 6024 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:28.0257 6024 McProxy - ok
22:05:28.0330 6024 McShield (151f3ca25b739b9cb0066abd1523f064) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:05:28.0357 6024 McShield - ok
22:05:28.0452 6024 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2svc.dll
22:05:28.0497 6024 Mcx2Svc - ok
22:05:28.0583 6024 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:05:28.0608 6024 megasas - ok
22:05:28.0672 6024 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:05:28.0720 6024 MegaSR - ok
22:05:28.0764 6024 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys
22:05:28.0788 6024 mfeapfk - ok
22:05:28.0851 6024 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys
22:05:28.0877 6024 mfeavfk - ok
22:05:28.0890 6024 mfeavfk01 - ok
22:05:28.0941 6024 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys
22:05:28.0964 6024 mfebopk - ok
22:05:29.0084 6024 mfefire (26ba2eebcff16f611ce1118fa0850810) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:05:29.0109 6024 mfefire - ok
22:05:29.0218 6024 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys
22:05:29.0274 6024 mfefirek - ok
22:05:29.0380 6024 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys
22:05:29.0417 6024 mfehidk - ok
22:05:29.0448 6024 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys
22:05:29.0471 6024 mfenlfk - ok
22:05:29.0511 6024 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys
22:05:29.0535 6024 mferkdet - ok
22:05:29.0599 6024 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
22:05:29.0620 6024 mferkdk - ok
22:05:29.0663 6024 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
22:05:29.0685 6024 mfesmfk - ok
22:05:29.0761 6024 mfevtp (e91c36e76e6395f233b3ae2ebc17251e) C:\Windows\system32\mfevtps.exe
22:05:29.0789 6024 mfevtp - ok
22:05:29.0830 6024 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys
22:05:29.0858 6024 mfewfpk - ok
22:05:29.0890 6024 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:05:29.0950 6024 MMCSS - ok
22:05:29.0993 6024 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:05:30.0049 6024 Modem - ok
22:05:30.0069 6024 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:05:30.0125 6024 monitor - ok
22:05:30.0140 6024 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:05:30.0166 6024 mouclass - ok
22:05:30.0187 6024 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:05:30.0242 6024 mouhid - ok
22:05:30.0263 6024 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:05:30.0290 6024 MountMgr - ok
22:05:30.0338 6024 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:05:30.0366 6024 mpio - ok
22:05:30.0397 6024 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:05:30.0446 6024 mpsdrv - ok
22:05:30.0490 6024 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
22:05:30.0549 6024 MpsSvc - ok
22:05:30.0591 6024 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:05:30.0616 6024 Mraid35x - ok
22:05:30.0648 6024 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:05:30.0686 6024 MRxDAV - ok
22:05:30.0723 6024 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:05:30.0803 6024 mrxsmb - ok
22:05:30.0847 6024 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:05:30.0897 6024 mrxsmb10 - ok
22:05:30.0923 6024 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:05:30.0959 6024 mrxsmb20 - ok
22:05:30.0999 6024 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
22:05:31.0025 6024 msahci - ok
22:05:31.0052 6024 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:05:31.0078 6024 msdsm - ok
22:05:31.0116 6024 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
22:05:31.0178 6024 MSDTC - ok
22:05:31.0209 6024 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:05:31.0265 6024 Msfs - ok
22:05:31.0321 6024 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:05:31.0346 6024 msisadrv - ok
22:05:31.0384 6024 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
22:05:31.0451 6024 MSiSCSI - ok
22:05:31.0464 6024 msiserver - ok
22:05:31.0578 6024 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:31.0603 6024 MSK80Service - ok
22:05:31.0732 6024 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:05:31.0787 6024 MSKSSRV - ok
22:05:31.0817 6024 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:05:31.0873 6024 MSPCLOCK - ok
22:05:31.0891 6024 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:05:31.0955 6024 MSPQM - ok
22:05:32.0004 6024 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:05:32.0035 6024 MsRPC - ok
22:05:32.0077 6024 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:05:32.0103 6024 mssmbios - ok
22:05:32.0147 6024 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:05:32.0203 6024 MSTEE - ok
22:05:32.0222 6024 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:05:32.0251 6024 Mup - ok
22:05:32.0291 6024 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
22:05:32.0346 6024 napagent - ok
22:05:32.0389 6024 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:05:32.0429 6024 NativeWifiP - ok
22:05:32.0498 6024 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:05:32.0543 6024 NDIS - ok
22:05:32.0585 6024 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:05:32.0631 6024 NdisTapi - ok
22:05:32.0653 6024 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:05:32.0711 6024 Ndisuio - ok
22:05:32.0769 6024 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:05:32.0818 6024 NdisWan - ok
22:05:32.0845 6024 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:05:32.0891 6024 NDProxy - ok
22:05:32.0925 6024 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
22:05:32.0934 6024 Netaapl ( UnsignedFile.Multi.Generic ) - warning
22:05:32.0934 6024 Netaapl - detected UnsignedFile.Multi.Generic (1)
22:05:32.0951 6024 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:05:33.0008 6024 NetBIOS - ok
22:05:33.0050 6024 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:05:33.0102 6024 netbt - ok
22:05:33.0140 6024 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:05:33.0175 6024 Netlogon - ok
22:05:33.0214 6024 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
22:05:33.0279 6024 Netman - ok
22:05:33.0307 6024 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
22:05:33.0370 6024 netprofm - ok
22:05:33.0455 6024 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:05:33.0482 6024 NetTcpPortSharing - ok
22:05:33.0535 6024 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:05:33.0560 6024 nfrd960 - ok
22:05:33.0590 6024 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
22:05:33.0652 6024 NlaSvc - ok
22:05:33.0695 6024 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:05:33.0758 6024 Npfs - ok
22:05:33.0781 6024 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
22:05:33.0840 6024 nsi - ok
22:05:33.0875 6024 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:05:33.0943 6024 nsiproxy - ok
22:05:34.0011 6024 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:05:34.0149 6024 Ntfs - ok
22:05:34.0190 6024 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:05:34.0281 6024 ntrigdigi - ok
22:05:34.0302 6024 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:05:34.0358 6024 Null - ok
22:05:34.0386 6024 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:05:34.0414 6024 nvraid - ok
22:05:34.0446 6024 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:05:34.0472 6024 nvstor - ok
22:05:34.0499 6024 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:05:34.0528 6024 nv_agp - ok
22:05:34.0586 6024 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:05:34.0633 6024 ohci1394 - ok
22:05:34.0672 6024 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:05:34.0753 6024 p2pimsvc - ok
22:05:34.0794 6024 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:05:34.0847 6024 p2psvc - ok
22:05:34.0891 6024 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:05:34.0994 6024 Parport - ok
22:05:35.0025 6024 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:05:35.0053 6024 partmgr - ok
22:05:35.0079 6024 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:05:35.0186 6024 Parvdm - ok
22:05:35.0215 6024 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
22:05:35.0255 6024 PcaSvc - ok
22:05:35.0301 6024 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:05:35.0333 6024 pci - ok
22:05:35.0361 6024 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
22:05:35.0386 6024 pciide - ok
22:05:35.0420 6024 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:05:35.0448 6024 pcmcia - ok
22:05:35.0522 6024 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:05:35.0677 6024 PEAUTH - ok
22:05:35.0742 6024 PID_0928 (03e86718bb5aa2716c7349a854ff6203) C:\Windows\system32\DRIVERS\LV561AV.SYS
22:05:35.0780 6024 PID_0928 - ok
22:05:35.0879 6024 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
22:05:36.0070 6024 pla - ok
22:05:36.0118 6024 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
22:05:36.0178 6024 PlugPlay - ok
22:05:36.0241 6024 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:05:36.0313 6024 PNRPAutoReg - ok
22:05:36.0374 6024 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:05:36.0476 6024 PNRPsvc - ok
22:05:36.0554 6024 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
22:05:36.0632 6024 PolicyAgent - ok
22:05:36.0686 6024 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:05:36.0744 6024 PptpMiniport - ok
22:05:36.0783 6024 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:05:36.0838 6024 Processor - ok
22:05:36.0883 6024 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
22:05:36.0949 6024 ProfSvc - ok
22:05:36.0989 6024 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:05:37.0024 6024 ProtectedStorage - ok
22:05:37.0060 6024 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:05:37.0107 6024 PSched - ok
22:05:37.0166 6024 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
22:05:37.0190 6024 PxHelp20 - ok
22:05:37.0275 6024 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:05:37.0409 6024 ql2300 - ok
22:05:37.0445 6024 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:05:37.0472 6024 ql40xx - ok
22:05:37.0576 6024 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
22:05:37.0620 6024 QWAVE - ok
22:05:37.0689 6024 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:05:37.0730 6024 QWAVEdrv - ok
22:05:37.0753 6024 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:05:37.0809 6024 RasAcd - ok
22:05:37.0851 6024 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
22:05:37.0913 6024 RasAuto - ok
22:05:37.0932 6024 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:05:38.0001 6024 Rasl2tp - ok
22:05:38.0046 6024 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
22:05:38.0100 6024 RasMan - ok
22:05:38.0146 6024 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:05:38.0203 6024 RasPppoe - ok
22:05:38.0252 6024 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:05:38.0290 6024 RasSstp - ok
22:05:38.0332 6024 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:05:38.0385 6024 rdbss - ok
22:05:38.0421 6024 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:05:38.0477 6024 RDPCDD - ok
22:05:38.0513 6024 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:05:38.0573 6024 rdpdr - ok
22:05:38.0588 6024 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:05:38.0645 6024 RDPENCDD - ok
22:05:38.0689 6024 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
22:05:38.0739 6024 RDPWD - ok
22:05:38.0804 6024 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
22:05:38.0864 6024 RemoteAccess - ok
22:05:38.0912 6024 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
22:05:38.0964 6024 RemoteRegistry - ok
22:05:39.0031 6024 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
22:05:39.0082 6024 rimmptsk - ok
22:05:39.0102 6024 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
22:05:39.0146 6024 rimsptsk - ok
22:05:39.0161 6024 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
22:05:39.0227 6024 rismxdp - ok
22:05:39.0254 6024 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
22:05:39.0291 6024 RpcLocator - ok
22:05:39.0352 6024 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:05:39.0441 6024 RpcSs - ok
22:05:39.0476 6024 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:05:39.0534 6024 rspndr - ok
22:05:39.0595 6024 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:05:39.0666 6024 RTL8169 - ok
22:05:39.0740 6024 s1029bus (69013a123a00b3042c260b0056df0152) C:\Windows\system32\DRIVERS\s1029bus.sys
22:05:39.0767 6024 s1029bus - ok
22:05:39.0796 6024 s1029mdfl (1565fc31f872963fe8af471123d8424c) C:\Windows\system32\DRIVERS\s1029mdfl.sys
22:05:39.0817 6024 s1029mdfl - ok
22:05:39.0841 6024 s1029mdm (d67a8042ecf6c983ac0e308b36603677) C:\Windows\system32\DRIVERS\s1029mdm.sys
22:05:39.0866 6024 s1029mdm - ok
22:05:39.0909 6024 s1029mgmt (9ac56f06c1e13a963c82ebd067fdf274) C:\Windows\system32\DRIVERS\s1029mgmt.sys
22:05:39.0933 6024 s1029mgmt - ok
22:05:39.0997 6024 s1029nd5 (00c66c6baafb2747f15f94f15888c94a) C:\Windows\system32\DRIVERS\s1029nd5.sys
22:05:40.0017 6024 s1029nd5 - ok
22:05:40.0055 6024 s1029obex (6fc093aba554e45755dc2f3896b6c8d7) C:\Windows\system32\DRIVERS\s1029obex.sys
22:05:40.0078 6024 s1029obex - ok
22:05:40.0114 6024 s1029unic (9979b0e68815394665b2109b03d15fa1) C:\Windows\system32\DRIVERS\s1029unic.sys
22:05:40.0137 6024 s1029unic - ok
22:05:40.0171 6024 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:05:40.0206 6024 SamSs - ok
22:05:40.0246 6024 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:05:40.0273 6024 sbp2port - ok
22:05:40.0319 6024 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
22:05:40.0372 6024 SCardSvr - ok
22:05:40.0440 6024 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
22:05:40.0509 6024 Schedule - ok
22:05:40.0546 6024 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:05:40.0592 6024 SCPolicySvc - ok
22:05:40.0633 6024 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
22:05:40.0682 6024 sdbus - ok
22:05:40.0722 6024 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
22:05:40.0776 6024 SDRSVC - ok
22:05:40.0947 6024 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:05:40.0975 6024 SeaPort - ok
22:05:41.0007 6024 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:05:41.0099 6024 secdrv - ok
22:05:41.0127 6024 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
22:05:41.0186 6024 seclogon - ok
22:05:41.0205 6024 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
22:05:41.0266 6024 SENS - ok
22:05:41.0293 6024 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:05:41.0384 6024 Serenum - ok
22:05:41.0411 6024 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:05:41.0514 6024 Serial - ok
22:05:41.0542 6024 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:05:41.0598 6024 sermouse - ok
22:05:41.0635 6024 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
22:05:41.0696 6024 SessionEnv - ok
22:05:41.0718 6024 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
22:05:41.0764 6024 sffdisk - ok
22:05:41.0796 6024 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:05:41.0852 6024 sffp_mmc - ok
22:05:41.0885 6024 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:05:41.0931 6024 sffp_sd - ok
22:05:41.0950 6024 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:05:42.0055 6024 sfloppy - ok
22:05:42.0091 6024 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
22:05:42.0155 6024 SharedAccess - ok
22:05:42.0199 6024 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
22:05:42.0252 6024 ShellHWDetection - ok
22:05:42.0320 6024 SipIMNDI (1644c3814e0dae66cd68e39ffb97d869) C:\Windows\system32\DRIVERS\SipIMNDI.sys
22:05:42.0343 6024 SipIMNDI - ok
22:05:42.0381 6024 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:05:42.0408 6024 sisagp - ok
22:05:42.0432 6024 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:05:42.0459 6024 SiSRaid2 - ok
22:05:42.0479 6024 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:05:42.0506 6024 SiSRaid4 - ok
22:05:42.0647 6024 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
22:05:42.0849 6024 slsvc - ok
22:05:42.0894 6024 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
22:05:42.0945 6024 SLUINotify - ok
22:05:42.0992 6024 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:05:43.0041 6024 Smb - ok
22:05:43.0093 6024 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
22:05:43.0128 6024 SNMPTRAP - ok
22:05:43.0167 6024 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:05:43.0192 6024 spldr - ok
22:05:43.0239 6024 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
22:05:43.0295 6024 Spooler - ok
22:05:43.0324 6024 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:05:43.0414 6024 srv - ok
22:05:43.0454 6024 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:05:43.0509 6024 srv2 - ok
22:05:43.0543 6024 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:05:43.0579 6024 srvnet - ok
22:05:43.0614 6024 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
22:05:43.0676 6024 SSDPSRV - ok
22:05:43.0721 6024 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
22:05:43.0759 6024 SstpSvc - ok
22:05:43.0842 6024 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
22:05:43.0920 6024 stisvc - ok
22:05:43.0967 6024 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:05:43.0992 6024 swenum - ok
22:05:44.0038 6024 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
22:05:44.0097 6024 swprv - ok
22:05:44.0146 6024 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:05:44.0170 6024 Symc8xx - ok
22:05:44.0194 6024 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:05:44.0219 6024 Sym_hi - ok
22:05:44.0246 6024 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:05:44.0271 6024 Sym_u3 - ok
22:05:44.0303 6024 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
22:05:44.0334 6024 SynTP - ok
22:05:44.0383 6024 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
22:05:44.0448 6024 SysMain - ok
22:05:44.0479 6024 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
22:05:44.0518 6024 TabletInputService - ok
22:05:44.0556 6024 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
22:05:44.0610 6024 TapiSrv - ok
22:05:44.0630 6024 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
22:05:44.0691 6024 TBS - ok
22:05:44.0762 6024 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:05:44.0856 6024 Tcpip - ok
22:05:44.0890 6024 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:05:44.0964 6024 Tcpip6 - ok
22:05:45.0010 6024 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:05:45.0057 6024 tcpipreg - ok
22:05:45.0123 6024 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:05:45.0171 6024 tdcmdpst - ok
22:05:45.0202 6024 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:05:45.0258 6024 TDPIPE - ok
22:05:45.0282 6024 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:05:45.0341 6024 TDTCP - ok
22:05:45.0392 6024 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:05:45.0443 6024 tdx - ok
22:05:45.0514 6024 TempoMonitoringService (ce0b5d587839614a16480d7b8395ffe9) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
22:05:45.0537 6024 TempoMonitoringService - ok
22:05:45.0562 6024 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:05:45.0591 6024 TermDD - ok
22:05:45.0645 6024 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
22:05:45.0727 6024 TermService - ok
22:05:45.0770 6024 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
22:05:45.0812 6024 Themes - ok
22:05:45.0856 6024 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:05:45.0914 6024 THREADORDER - ok
22:05:45.0958 6024 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
22:05:45.0987 6024 TODDSrv - ok
22:05:46.0085 6024 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
22:05:46.0118 6024 TosCoSrv - ok
22:05:46.0159 6024 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
22:05:46.0189 6024 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
22:05:46.0189 6024 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
22:05:46.0218 6024 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
22:05:46.0257 6024 tosrfec - ok
22:05:46.0304 6024 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
22:05:46.0332 6024 tos_sps32 - ok
22:05:46.0368 6024 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
22:05:46.0430 6024 TrkWks - ok
22:05:46.0470 6024 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
22:05:46.0523 6024 TrustedInstaller - ok
22:05:46.0572 6024 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:05:46.0639 6024 tssecsrv - ok
22:05:46.0691 6024 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:05:46.0724 6024 tunmp - ok
22:05:46.0754 6024 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:05:46.0788 6024 tunnel - ok
22:05:46.0829 6024 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:05:46.0850 6024 TVALZ - ok
22:05:46.0875 6024 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:05:46.0902 6024 uagp35 - ok
22:05:46.0943 6024 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:05:46.0996 6024 udfs - ok
22:05:47.0042 6024 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
22:05:47.0104 6024 UI0Detect - ok
22:05:47.0135 6024 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:05:47.0162 6024 uliagpkx - ok
22:05:47.0198 6024 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:05:47.0232 6024 uliahci - ok
22:05:47.0258 6024 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:05:47.0287 6024 UlSata - ok
22:05:47.0316 6024 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:05:47.0346 6024 ulsata2 - ok
22:05:47.0376 6024 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:05:47.0450 6024 umbus - ok
22:05:47.0498 6024 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
22:05:47.0563 6024 upnphost - ok
22:05:47.0616 6024 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
22:05:47.0660 6024 USBAAPL - ok
22:05:47.0733 6024 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:05:47.0779 6024 usbaudio - ok
22:05:47.0848 6024 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:05:47.0900 6024 usbccgp - ok
22:05:47.0925 6024 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:05:48.0027 6024 usbcir - ok
22:05:48.0094 6024 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:05:48.0143 6024 usbehci - ok
22:05:48.0200 6024 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:05:48.0253 6024 usbhub - ok
22:05:48.0283 6024 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:05:48.0384 6024 usbohci - ok
22:05:48.0420 6024 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:05:48.0479 6024 usbprint - ok
22:05:48.0522 6024 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:05:48.0575 6024 usbscan - ok
22:05:48.0616 6024 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:05:48.0679 6024 USBSTOR - ok
22:05:48.0717 6024 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:05:48.0766 6024 usbuhci - ok
22:05:48.0831 6024 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:05:48.0912 6024 usbvideo - ok
22:05:48.0958 6024 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
22:05:49.0016 6024 UxSms - ok
22:05:49.0067 6024 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
22:05:49.0159 6024 vds - ok
22:05:49.0205 6024 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:05:49.0263 6024 vga - ok
22:05:49.0300 6024 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:05:49.0373 6024 VgaSave - ok
22:05:49.0436 6024 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:05:49.0464 6024 viaagp - ok
22:05:49.0495 6024 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:05:49.0558 6024 ViaC7 - ok
22:05:49.0591 6024 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:05:49.0618 6024 viaide - ok
22:05:49.0665 6024 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:05:49.0693 6024 volmgr - ok
22:05:49.0746 6024 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:05:49.0793 6024 volmgrx - ok
22:05:49.0838 6024 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:05:49.0872 6024 volsnap - ok
22:05:49.0935 6024 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:05:49.0963 6024 vsmraid - ok
22:05:50.0025 6024 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
22:05:50.0151 6024 VSS - ok
22:05:50.0196 6024 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
22:05:50.0253 6024 W32Time - ok
22:05:50.0292 6024 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:05:50.0390 6024 WacomPen - ok
22:05:50.0433 6024 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:05:50.0506 6024 Wanarp - ok
22:05:50.0524 6024 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:05:50.0572 6024 Wanarpv6 - ok
22:05:50.0622 6024 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
22:05:50.0699 6024 wcncsvc - ok
22:05:50.0747 6024 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
22:05:50.0800 6024 WcsPlugInService - ok
22:05:50.0853 6024 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:05:50.0881 6024 Wd - ok
22:05:50.0954 6024 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:05:51.0011 6024 Wdf01000 - ok
22:05:51.0049 6024 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:05:51.0113 6024 WdiServiceHost - ok
22:05:51.0120 6024 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:05:51.0184 6024 WdiSystemHost - ok
22:05:51.0229 6024 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
22:05:51.0273 6024 WebClient - ok
22:05:51.0330 6024 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
22:05:51.0402 6024 Wecsvc - ok
22:05:51.0439 6024 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
22:05:51.0492 6024 wercplsupport - ok
22:05:51.0540 6024 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
22:05:51.0594 6024 WerSvc - ok
22:05:51.0679 6024 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
22:05:51.0713 6024 WinDefend - ok
22:05:51.0729 6024 WinHttpAutoProxySvc - ok
22:05:51.0795 6024 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
22:05:51.0846 6024 Winmgmt - ok
22:05:51.0923 6024 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
22:05:52.0026 6024 WinRM - ok
22:05:52.0097 6024 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
22:05:52.0169 6024 Wlansvc - ok
22:05:52.0218 6024 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:05:52.0265 6024 WmiAcpi - ok
22:05:52.0351 6024 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
22:05:52.0421 6024 wmiApSrv - ok
22:05:52.0498 6024 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:05:52.0650 6024 WMPNetworkSvc - ok
22:05:52.0764 6024 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
22:05:52.0820 6024 WPCSvc - ok
22:05:52.0884 6024 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
22:05:52.0927 6024 WPDBusEnum - ok
22:05:53.0017 6024 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:05:53.0051 6024 WpdUsb - ok
22:05:53.0193 6024 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:05:53.0267 6024 WPFFontCache_v0400 - ok
22:05:53.0333 6024 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:05:53.0392 6024 ws2ifsl - ok
22:05:53.0463 6024 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
22:05:53.0517 6024 wscsvc - ok
22:05:53.0536 6024 WSearch - ok
22:05:53.0638 6024 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
22:05:53.0776 6024 wuauserv - ok
22:05:53.0872 6024 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:05:53.0931 6024 WUDFRd - ok
22:05:53.0972 6024 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
22:05:54.0036 6024 wudfsvc - ok
22:05:54.0113 6024 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:05:54.0296 6024 \Device\Harddisk0\DR0 - ok
22:05:54.0302 6024 Boot (0x1200) (5a23849b73d7fd867aadc5a8246d8408) \Device\Harddisk0\DR0\Partition0
22:05:54.0304 6024 \Device\Harddisk0\DR0\Partition0 - ok
22:05:54.0334 6024 Boot (0x1200) (33904090a71228b77843748973e3911f) \Device\Harddisk0\DR0\Partition1
22:05:54.0336 6024 \Device\Harddisk0\DR0\Partition1 - ok
22:05:54.0342 6024 ============================================================
22:05:54.0342 6024 Scan finished
22:05:54.0342 6024 ============================================================
22:05:54.0367 5460 Detected object count: 7
22:05:54.0368 5460 Actual detected object count: 7
22:06:33.0105 5460 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0105 5460 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0111 5460 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0111 5460 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0119 5460 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0119 5460 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0124 5460 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0124 5460 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0130 5460 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0130 5460 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0136 5460 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0136 5460 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0141 5460 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0141 5460 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
27.03.2012, 21:23
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop Besitzerin Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2012, 21:36
| #24 |
| | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop BesitzerinCode:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-03-27 22:35:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0
Running: 2ib3q81v.exe; Driver: C:\Users\Sabrina\AppData\Local\Temp\fwtoqpow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8AF88498]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8AF884C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8AF884AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8AF88484]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:33:32 on 27.03.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 10.0.2 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "CreativeAudioConsole" - "Creative Technology Ltd" - C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\AudioCS\CTAudCS.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device Ethernet Service" (Netaapl) - "Apple Inc." - C:\Windows\System32\DRIVERS\netaapl.sys "catchme" (catchme) - ? - C:\Users\Sabrina\AppData\Local\Temp\catchme.sys (File not found) "fwtoqpow" (fwtoqpow) - ? - C:\Users\Sabrina\AppData\Local\Temp\fwtoqpow.sys (Hidden registry entry, rootkit activity | File not found) "Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "McAfee Inc." (mfeavfk01) - ? - C:\Windows\system32\drivers\mfeavfk01.sys (File not found) "McAfee Inc. mferkdk" (mferkdk) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdk.sys "McAfee Inc. mfesmfk" (mfesmfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfesmfk.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "Sony Ericsson Device 1029 driver (WDM)" (s1029bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029bus.sys "Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)" (s1029nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029nd5.sys "Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)" (s1029unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029unic.sys "Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)" (s1029mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029mgmt.sys "Sony Ericsson Device 1029 USB WMC Modem Driver" (s1029mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029mdm.sys "Sony Ericsson Device 1029 USB WMC Modem Filter" (s1029mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029mdfl.sys "Sony Ericsson Device 1029 USB WMC OBEX Interface" (s1029obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029obex.sys [Explorer] -----( HKLM\Software\Classes\Protocols\Filter )----- {3EF5086B-5478-4598-A054-786C45D75692} "McInternetProtocolRoot Class" - "McAfee, Inc." - c:\progra~1\mcafee\msc\mcsniepl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\progra~1\mcafee\sitead~1\mcieplg.dll {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\progra~1\mcafee\sitead~1\mcieplg.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\XEBShell.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - ? - (File not found | COM-object registry key not found) {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - ? - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll (File not found) / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\progra~1\mcafee\sitead~1\mcieplg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\progra~1\mcafee\sitead~1\mcieplg.dll {7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120322184642.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "EADM" - "Electronic Arts" - "C:\Program Files\Origin\Origin.exe" -AutoStart -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "mcui_exe" - "McAfee, Inc." - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "CutePDF Writer Monitor" - ? - C:\Windows\system32\cpwmon2k.dll (File found, but it contains no detailed information) "EPSON Stylus D78 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBBGE.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (File not found) "ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe "Creative ALchemy AL6 Licensing Service" (Creative ALchemy AL6 Licensing Service) - "Creative Labs" - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe "Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe "Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Program Files\Creative\Shared Files\CTAudSvc.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Update Service (gupdate)" (gupdate) - ? - C:\Program Files\Google\Update\GoogleUpdate.exe /svc (File not found) "Google Update-Dienst (gupdatem)" (gupdatem) - ? - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc (File not found) "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Jumpstart Wifi Protected Setup" (jswpsapi) - "Atheros Communications, Inc." - C:\Program Files\Jumpstart\jswpsapi.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "McAfee Anti-Spam Service" (MSK80Service) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe "McAfee Firewall Core Service" (mfefire) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe "McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe "McAfee Network Agent" (McNASvc) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe "McAfee Personal Firewall Service" (McMPFSvc) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe "McAfee Proxy Service" (McProxy) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe "McAfee Scanner" (McODS) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan\mcods.exe "McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe "McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe "McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Windows\system32\mfevtps.exe "McAfee VirusScan Announcer" (McNaiAnn) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Notebook Performance Tuning Service " (TempoMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe "TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe "TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Run date: 2012-03-27 22:34:25 ----------------------------- 22:34:25.994 OS Version: Windows 6.0.6002 Service Pack 2 22:34:25.994 Number of processors: 2 586 0xF0D 22:34:25.994 ComputerName: BINAS-PC UserName: Sabrina 22:34:27.913 Initialize success 22:36:01.051 AVAST engine defs: 12032701 22:36:11.800 The log file has been saved successfully to "C:\Users\Sabrina\Desktop\aswMBR.txt" 22:36:17.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 22:36:17.515 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3 22:36:17.578 Disk 0 MBR read successfully 22:36:17.578 Disk 0 MBR scan 22:36:17.593 Disk 0 Windows VISTA default MBR code 22:36:17.609 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048 22:36:17.624 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119078 MB offset 3074048 22:36:17.656 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 117895 MB offset 246945792 22:36:17.671 Disk 0 scanning sectors +488395120 22:36:17.765 Disk 0 scanning C:\Windows\system32\drivers 22:36:31.384 Service scanning 22:36:59.604 Modules scanning 22:37:05.126 Disk 0 trace - called modules: 22:37:05.158 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 22:37:05.173 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c30288] 22:37:05.189 3 CLASSPNP.SYS[8afc58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8617b028] 22:37:06.546 AVAST engine scan C:\Windows 22:37:10.446 AVAST engine scan C:\Windows\system32 22:43:16.083 AVAST engine scan C:\Windows\system32\drivers 22:43:43.492 AVAST engine scan C:\Users\Sabrina 22:44:35.877 Disk 0 MBR has been saved successfully to "C:\Users\Sabrina\Desktop\MBR.dat" 22:44:35.939 The log file has been saved successfully to "C:\Users\Sabrina\Desktop\aswMBR.txt" Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 22:34:25
-----------------------------
22:34:25.994 OS Version: Windows 6.0.6002 Service Pack 2
22:34:25.994 Number of processors: 2 586 0xF0D
22:34:25.994 ComputerName: BINAS-PC UserName: Sabrina
22:34:27.913 Initialize success
22:36:01.051 AVAST engine defs: 12032701
22:36:11.800 The log file has been saved successfully to "C:\Users\Sabrina\Desktop\aswMBR.txt"
22:36:17.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:36:17.515 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
22:36:17.578 Disk 0 MBR read successfully
22:36:17.578 Disk 0 MBR scan
22:36:17.593 Disk 0 Windows VISTA default MBR code
22:36:17.609 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:36:17.624 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119078 MB offset 3074048
22:36:17.656 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 117895 MB offset 246945792
22:36:17.671 Disk 0 scanning sectors +488395120
22:36:17.765 Disk 0 scanning C:\Windows\system32\drivers
22:36:31.384 Service scanning
22:36:59.604 Modules scanning
22:37:05.126 Disk 0 trace - called modules:
22:37:05.158 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:37:05.173 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c30288]
22:37:05.189 3 CLASSPNP.SYS[8afc58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8617b028]
22:37:06.546 AVAST engine scan C:\Windows
22:37:10.446 AVAST engine scan C:\Windows\system32
22:43:16.083 AVAST engine scan C:\Windows\system32\drivers
22:43:43.492 AVAST engine scan C:\Users\Sabrina
22:44:35.877 Disk 0 MBR has been saved successfully to "C:\Users\Sabrina\Desktop\MBR.dat"
22:44:35.939 The log file has been saved successfully to "C:\Users\Sabrina\Desktop\aswMBR.txt"
22:45:10.005 File: C:\Users\Sabrina\AppData\Local\temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
22:45:10.286 File: C:\Users\Sabrina\AppData\Local\temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen
23:00:43.986 AVAST engine scan C:\ProgramData
23:06:20.004 Scan finished successfully
23:07:14.838 Disk 0 MBR has been saved successfully to "C:\Users\Sabrina\Desktop\MBR.dat"
23:07:14.869 The log file has been saved successfully to "C:\Users\Sabrina\Desktop\aswMBR.txt"
Geändert von Sabrina155 (27.03.2012 um 22:10 Uhr) |
|
28.03.2012, 10:09
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop Besitzerin Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.03.2012, 19:01
| #26 |
| | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop BesitzerinCode:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/28/2012 at 01:59 PM
Application Version : 5.0.1146
Core Rules Database Version : 8389
Trace Rules Database Version: 6201
Scan type : Complete Scan
Total Scan Time : 01:34:23
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 686
Memory threats detected : 0
Registry items scanned : 34314
Registry threats detected : 0
File items scanned : 54664
File threats detected : 26
Adware.Tracking Cookie
delivery.ibanner.de [ C:\USERS\JACK FRANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YBR2B8UA ]
.msnportal.112.2o7.net [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.zanox.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zanox.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unitymedia.de [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unitymedia.de [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.quisma.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.zanox.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zanox-affiliate.de [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adfarm1.adition.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traffictrack.de [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]
tracking.mobile.de [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]
a.visualrevenue.com [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]
|
|
29.03.2012, 10:30
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop Besitzerin NUr Cookies. Was ist mit Malwarebytes?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.03.2012, 21:24
| #28 |
| | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop Besitzerin Sorry. Hatte ich vergessen. Hier das Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.29.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19190 Sabrina :: BINAS-PC [Administrator] Schutz: Aktiviert 29.03.2012 18:57:43 mbam-log-2012-03-29 (18-57-43).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 364527 Laufzeit: 2 Stunde(n), 58 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
29.03.2012, 21:44
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop Besitzerin Sieht ok aus, da wurden nur Cookies gefunden. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.03.2012, 21:51
| #30 |
| | Trojaner generic.26? Viele Meldungen, ahnungslose Laptop Besitzerin Alles klar. Super!! Tausend Dank. Ich dachte schon ich muss den Laptop entsorgen. Wie bekomme ich diese Cookies denn weg oder lässt man die? Das einzige Problem, welches ich habe sind 2 Links die Firefox gespeichert hat. Eins von Facebook: irgendein Foto-Link und ein Link von der Bank, welches mir schon eher Sorgen macht. Ansonsten ging meine Uhr immer teilweise nicht, diese läuft jetzt allerdings wieder. Kann das damit zutun gehabt haben? |
|
| Themen zu Trojaner generic.26? Viele Meldungen, ahnungslose Laptop Besitzerin |
| antivirus, avg antivirus, avg security toolbar, bonjour, cid, converter, cpu, firefox, flash player, google, helper, home, installation, mcafee firewall, mozilla, mp3, origin, performance, plug-in, programm, realtek, rundll, security, siteadvisor, software, svchost.exe, system, trojaner, usb, warnmeldungen, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
